# Automatically generated by Makefile. DO NOT EDIT --- metadata: name: echo-a labels: name: echo-a topology: any component: network-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: echo-a spec: hostNetwork: false containers: - name: echo-a-container env: - name: PORT value: "8080" ports: - containerPort: 8080 image: easzlab.io.local:5000/cilium/json-mock:v1.3.0 imagePullPolicy: IfNotPresent readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:8080 livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:8080 selector: matchLabels: name: echo-a replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: echo-b labels: name: echo-b topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: echo-b spec: hostNetwork: false containers: - name: echo-b-container env: - name: PORT value: "8080" ports: - containerPort: 8080 hostPort: 40000 image: easzlab.io.local:5000/cilium/json-mock:v1.3.0 imagePullPolicy: IfNotPresent readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:8080 livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:8080 selector: matchLabels: name: echo-b replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: echo-b-host labels: name: echo-b-host topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: echo-b-host spec: hostNetwork: true containers: - name: echo-b-host-container env: - name: PORT value: "31000" ports: [] image: easzlab.io.local:5000/cilium/json-mock:v1.3.0 imagePullPolicy: IfNotPresent readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:31000 livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - localhost:31000 affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: echo-b-host replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-a labels: name: pod-to-a topology: any component: network-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-a spec: hostNetwork: false containers: - name: pod-to-a-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-a:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-a:8080/public selector: matchLabels: name: pod-to-a replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-external-1111 labels: name: pod-to-external-1111 topology: any component: network-check traffic: external quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-external-1111 spec: hostNetwork: false containers: - name: pod-to-external-1111-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - 1.1.1.1 livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - 1.1.1.1 selector: matchLabels: name: pod-to-external-1111 replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-a-denied-cnp labels: name: pod-to-a-denied-cnp topology: any component: policy-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-a-denied-cnp spec: hostNetwork: false containers: - name: pod-to-a-denied-cnp-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - sh - -c - '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private' livenessProbe: timeoutSeconds: 7 exec: command: - sh - -c - '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private' selector: matchLabels: name: pod-to-a-denied-cnp replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-a-allowed-cnp labels: name: pod-to-a-allowed-cnp topology: any component: policy-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-a-allowed-cnp spec: hostNetwork: false containers: - name: pod-to-a-allowed-cnp-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-a:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-a:8080/public selector: matchLabels: name: pod-to-a-allowed-cnp replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-external-fqdn-allow-baidu-cnp labels: name: pod-to-external-fqdn-allow-baidu-cnp topology: any component: policy-check traffic: external quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-external-fqdn-allow-baidu-cnp spec: hostNetwork: false containers: - name: pod-to-external-fqdn-allow-baidu-cnp-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - www.baidu.com livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - www.baidu.com selector: matchLabels: name: pod-to-external-fqdn-allow-baidu-cnp replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-b-multi-node-clusterip labels: name: pod-to-b-multi-node-clusterip topology: multi-node component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-b-multi-node-clusterip spec: hostNetwork: false containers: - name: pod-to-b-multi-node-clusterip-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b:8080/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: pod-to-b-multi-node-clusterip replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-b-multi-node-headless labels: name: pod-to-b-multi-node-headless topology: multi-node component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-b-multi-node-headless spec: hostNetwork: false containers: - name: pod-to-b-multi-node-headless-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-headless:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-headless:8080/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: pod-to-b-multi-node-headless replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: host-to-b-multi-node-clusterip labels: name: host-to-b-multi-node-clusterip topology: multi-node component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: host-to-b-multi-node-clusterip spec: hostNetwork: true containers: - name: host-to-b-multi-node-clusterip-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b:8080/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname dnsPolicy: ClusterFirstWithHostNet selector: matchLabels: name: host-to-b-multi-node-clusterip replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: host-to-b-multi-node-headless labels: name: host-to-b-multi-node-headless topology: multi-node component: services-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: host-to-b-multi-node-headless spec: hostNetwork: true containers: - name: host-to-b-multi-node-headless-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-headless:8080/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-headless:8080/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname dnsPolicy: ClusterFirstWithHostNet selector: matchLabels: name: host-to-b-multi-node-headless replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-b-multi-node-nodeport labels: name: pod-to-b-multi-node-nodeport topology: multi-node component: nodeport-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-b-multi-node-nodeport spec: hostNetwork: false containers: - name: pod-to-b-multi-node-nodeport-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-host-headless:31414/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-host-headless:31414/public affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: pod-to-b-multi-node-nodeport replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: pod-to-b-intra-node-nodeport labels: name: pod-to-b-intra-node-nodeport topology: intra-node component: nodeport-check traffic: internal quarantine: "false" type: autocheck spec: template: metadata: labels: name: pod-to-b-intra-node-nodeport spec: hostNetwork: false containers: - name: pod-to-b-intra-node-nodeport-container ports: [] image: easzlab.io.local:5000/easzlab/alpine-curl:v7.85.0 imagePullPolicy: IfNotPresent command: - /bin/sh - -c - sleep 1000000000 readinessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-host-headless:31414/public livenessProbe: timeoutSeconds: 7 exec: command: - curl - -sS - --fail - --connect-timeout - "5" - -o - /dev/null - echo-b-host-headless:31414/public affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: name operator: In values: - echo-b topologyKey: kubernetes.io/hostname selector: matchLabels: name: pod-to-b-intra-node-nodeport replicas: 1 apiVersion: apps/v1 kind: Deployment --- metadata: name: echo-a labels: name: echo-a topology: any component: network-check traffic: internal quarantine: "false" type: autocheck spec: ports: - name: http port: 8080 type: ClusterIP selector: name: echo-a apiVersion: v1 kind: Service --- metadata: name: echo-b labels: name: echo-b topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: ports: - name: http port: 8080 nodePort: 31414 type: NodePort selector: name: echo-b apiVersion: v1 kind: Service --- metadata: name: echo-b-headless labels: name: echo-b-headless topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: ports: - name: http port: 8080 type: ClusterIP selector: name: echo-b clusterIP: None apiVersion: v1 kind: Service --- metadata: name: echo-b-host-headless labels: name: echo-b-host-headless topology: any component: services-check traffic: internal quarantine: "false" type: autocheck spec: ports: [] type: ClusterIP selector: name: echo-b-host clusterIP: None apiVersion: v1 kind: Service --- metadata: name: pod-to-a-denied-cnp labels: name: pod-to-a-denied-cnp topology: any component: policy-check traffic: internal quarantine: "false" type: autocheck spec: endpointSelector: matchLabels: name: pod-to-a-denied-cnp egress: - toPorts: - ports: - port: "53" protocol: ANY toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: kube-dns - toPorts: - ports: - port: "53" protocol: ANY toCIDR: - {{ LOCAL_DNS_CACHE }}/32 apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy --- metadata: name: pod-to-a-allowed-cnp labels: name: pod-to-a-allowed-cnp topology: any component: policy-check traffic: internal quarantine: "false" type: autocheck spec: endpointSelector: matchLabels: name: pod-to-a-allowed-cnp egress: - toPorts: - ports: - port: "8080" protocol: TCP toEndpoints: - matchLabels: name: echo-a - toPorts: - ports: - port: "53" protocol: ANY toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: kube-dns - toPorts: - ports: - port: "53" protocol: ANY toCIDR: - {{ LOCAL_DNS_CACHE }}/32 apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy --- metadata: name: pod-to-external-fqdn-allow-baidu-cnp labels: name: pod-to-external-fqdn-allow-baidu-cnp topology: any component: policy-check traffic: external quarantine: "false" type: autocheck spec: endpointSelector: matchLabels: name: pod-to-external-fqdn-allow-baidu-cnp egress: - toFQDNs: - matchPattern: '*.baidu.com' - toPorts: - ports: - port: "53" protocol: ANY rules: dns: - matchPattern: '*' toEndpoints: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: kube-dns - toPorts: - ports: - port: "53" protocol: ANY rules: dns: - matchPattern: '*' toCIDR: - {{ LOCAL_DNS_CACHE }}/32 apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy