# output of "gcloud container clusters describe tetragon-benchmarking-oss --zone=us-west2-a | grep -e clusterIpv4Cidr -e servicesIpv4Cidr"
# clusterIpv4Cidr: 10.44.0.0/14
#  clusterIpv4Cidr: 10.44.0.0/14
#  clusterIpv4CidrBlock: 10.44.0.0/14
#  servicesIpv4Cidr: 10.48.0.0/20
#  servicesIpv4CidrBlock: 10.48.0.0/20
# servicesIpv4Cidr: 10.48.0.0/20

# For more information see: https://docs.isovalent.com/user-guide/sec-ops-visibility/workload-identity/index.html#egress-flow-to-suspicious-external-ip
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "monitor-network-activity-outside-cluster-cidr-range"
spec:
  kprobes:
  - call: "tcp_connect"
    syscall: false
    args:
    - index: 0
      type: "sock"
    selectors:
    - matchArgs:
      - index: 0
        operator: "NotDAddr"
        values:
        - 127.0.0.1
        - ${PODCIDR}
        - ${SERVICECIDR}