kubeasz/roles/cluster-addon/templates/cilium-check/connectivity-check.yaml.j2

1033 lines
22 KiB
Django/Jinja

# Automatically generated by Makefile. DO NOT EDIT
---
metadata:
name: echo-a
labels:
name: echo-a
topology: any
component: network-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: echo-a
spec:
hostNetwork: false
containers:
- name: echo-a-container
env:
- name: PORT
value: "8080"
ports:
- containerPort: 8080
image: easzlab.io.local:5000/cilium/json-mock:v1.3.0
imagePullPolicy: IfNotPresent
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- localhost:8080
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- localhost:8080
selector:
matchLabels:
name: echo-a
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: echo-b
labels:
name: echo-b
topology: any
component: services-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: echo-b
spec:
hostNetwork: false
containers:
- name: echo-b-container
env:
- name: PORT
value: "8080"
ports:
- containerPort: 8080
hostPort: 40000
image: easzlab.io.local:5000/cilium/json-mock:v1.3.0
imagePullPolicy: IfNotPresent
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- localhost:8080
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- localhost:8080
selector:
matchLabels:
name: echo-b
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: echo-b-host
labels:
name: echo-b-host
topology: any
component: services-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: echo-b-host
spec:
hostNetwork: true
containers:
- name: echo-b-host-container
env:
- name: PORT
value: "31000"
ports: []
image: easzlab.io.local:5000/cilium/json-mock:v1.3.0
imagePullPolicy: IfNotPresent
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- localhost:31000
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- localhost:31000
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- echo-b
topologyKey: kubernetes.io/hostname
selector:
matchLabels:
name: echo-b-host
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: pod-to-a
labels:
name: pod-to-a
topology: any
component: network-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: pod-to-a
spec:
hostNetwork: false
containers:
- name: pod-to-a-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-a:8080/public
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-a:8080/public
selector:
matchLabels:
name: pod-to-a
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: pod-to-external-1111
labels:
name: pod-to-external-1111
topology: any
component: network-check
traffic: external
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: pod-to-external-1111
spec:
hostNetwork: false
containers:
- name: pod-to-external-1111-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- 1.1.1.1
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- 1.1.1.1
selector:
matchLabels:
name: pod-to-external-1111
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: pod-to-a-denied-cnp
labels:
name: pod-to-a-denied-cnp
topology: any
component: policy-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: pod-to-a-denied-cnp
spec:
hostNetwork: false
containers:
- name: pod-to-a-denied-cnp-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- sh
- -c
- '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private'
livenessProbe:
timeoutSeconds: 7
exec:
command:
- sh
- -c
- '! curl -s --fail --connect-timeout 5 -o /dev/null echo-a:8080/private'
selector:
matchLabels:
name: pod-to-a-denied-cnp
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: pod-to-a-allowed-cnp
labels:
name: pod-to-a-allowed-cnp
topology: any
component: policy-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: pod-to-a-allowed-cnp
spec:
hostNetwork: false
containers:
- name: pod-to-a-allowed-cnp-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-a:8080/public
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-a:8080/public
selector:
matchLabels:
name: pod-to-a-allowed-cnp
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: pod-to-external-fqdn-allow-baidu-cnp
labels:
name: pod-to-external-fqdn-allow-baidu-cnp
topology: any
component: policy-check
traffic: external
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: pod-to-external-fqdn-allow-baidu-cnp
spec:
hostNetwork: false
containers:
- name: pod-to-external-fqdn-allow-baidu-cnp-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- www.baidu.com
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- www.baidu.com
selector:
matchLabels:
name: pod-to-external-fqdn-allow-baidu-cnp
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: pod-to-b-multi-node-clusterip
labels:
name: pod-to-b-multi-node-clusterip
topology: multi-node
component: services-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: pod-to-b-multi-node-clusterip
spec:
hostNetwork: false
containers:
- name: pod-to-b-multi-node-clusterip-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b:8080/public
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b:8080/public
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- echo-b
topologyKey: kubernetes.io/hostname
selector:
matchLabels:
name: pod-to-b-multi-node-clusterip
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: pod-to-b-multi-node-headless
labels:
name: pod-to-b-multi-node-headless
topology: multi-node
component: services-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: pod-to-b-multi-node-headless
spec:
hostNetwork: false
containers:
- name: pod-to-b-multi-node-headless-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b-headless:8080/public
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b-headless:8080/public
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- echo-b
topologyKey: kubernetes.io/hostname
selector:
matchLabels:
name: pod-to-b-multi-node-headless
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: host-to-b-multi-node-clusterip
labels:
name: host-to-b-multi-node-clusterip
topology: multi-node
component: services-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: host-to-b-multi-node-clusterip
spec:
hostNetwork: true
containers:
- name: host-to-b-multi-node-clusterip-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b:8080/public
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b:8080/public
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- echo-b
topologyKey: kubernetes.io/hostname
dnsPolicy: ClusterFirstWithHostNet
selector:
matchLabels:
name: host-to-b-multi-node-clusterip
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: host-to-b-multi-node-headless
labels:
name: host-to-b-multi-node-headless
topology: multi-node
component: services-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: host-to-b-multi-node-headless
spec:
hostNetwork: true
containers:
- name: host-to-b-multi-node-headless-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b-headless:8080/public
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b-headless:8080/public
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- echo-b
topologyKey: kubernetes.io/hostname
dnsPolicy: ClusterFirstWithHostNet
selector:
matchLabels:
name: host-to-b-multi-node-headless
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: pod-to-b-multi-node-nodeport
labels:
name: pod-to-b-multi-node-nodeport
topology: multi-node
component: nodeport-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: pod-to-b-multi-node-nodeport
spec:
hostNetwork: false
containers:
- name: pod-to-b-multi-node-nodeport-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b-host-headless:31414/public
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b-host-headless:31414/public
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- echo-b
topologyKey: kubernetes.io/hostname
selector:
matchLabels:
name: pod-to-b-multi-node-nodeport
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: pod-to-b-intra-node-nodeport
labels:
name: pod-to-b-intra-node-nodeport
topology: intra-node
component: nodeport-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
template:
metadata:
labels:
name: pod-to-b-intra-node-nodeport
spec:
hostNetwork: false
containers:
- name: pod-to-b-intra-node-nodeport-container
ports: []
image: easzlab.io.local:5000/centos:7
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- sleep 1000000000
readinessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b-host-headless:31414/public
livenessProbe:
timeoutSeconds: 7
exec:
command:
- curl
- -sS
- --fail
- --connect-timeout
- "5"
- -o
- /dev/null
- echo-b-host-headless:31414/public
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- echo-b
topologyKey: kubernetes.io/hostname
selector:
matchLabels:
name: pod-to-b-intra-node-nodeport
replicas: 1
apiVersion: apps/v1
kind: Deployment
---
metadata:
name: echo-a
labels:
name: echo-a
topology: any
component: network-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
ports:
- name: http
port: 8080
type: ClusterIP
selector:
name: echo-a
apiVersion: v1
kind: Service
---
metadata:
name: echo-b
labels:
name: echo-b
topology: any
component: services-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
ports:
- name: http
port: 8080
nodePort: 31414
type: NodePort
selector:
name: echo-b
apiVersion: v1
kind: Service
---
metadata:
name: echo-b-headless
labels:
name: echo-b-headless
topology: any
component: services-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
ports:
- name: http
port: 8080
type: ClusterIP
selector:
name: echo-b
clusterIP: None
apiVersion: v1
kind: Service
---
metadata:
name: echo-b-host-headless
labels:
name: echo-b-host-headless
topology: any
component: services-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
ports: []
type: ClusterIP
selector:
name: echo-b-host
clusterIP: None
apiVersion: v1
kind: Service
---
metadata:
name: pod-to-a-denied-cnp
labels:
name: pod-to-a-denied-cnp
topology: any
component: policy-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
endpointSelector:
matchLabels:
name: pod-to-a-denied-cnp
egress:
- toPorts:
- ports:
- port: "53"
protocol: ANY
toEndpoints:
- matchLabels:
k8s:io.kubernetes.pod.namespace: kube-system
k8s:k8s-app: kube-dns
- toPorts:
- ports:
- port: "53"
protocol: ANY
toCIDR:
- {{ LOCAL_DNS_CACHE }}/32
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
---
metadata:
name: pod-to-a-allowed-cnp
labels:
name: pod-to-a-allowed-cnp
topology: any
component: policy-check
traffic: internal
quarantine: "false"
type: autocheck
spec:
endpointSelector:
matchLabels:
name: pod-to-a-allowed-cnp
egress:
- toPorts:
- ports:
- port: "8080"
protocol: TCP
toEndpoints:
- matchLabels:
name: echo-a
- toPorts:
- ports:
- port: "53"
protocol: ANY
toEndpoints:
- matchLabels:
k8s:io.kubernetes.pod.namespace: kube-system
k8s:k8s-app: kube-dns
- toPorts:
- ports:
- port: "53"
protocol: ANY
toCIDR:
- {{ LOCAL_DNS_CACHE }}/32
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
---
metadata:
name: pod-to-external-fqdn-allow-baidu-cnp
labels:
name: pod-to-external-fqdn-allow-baidu-cnp
topology: any
component: policy-check
traffic: external
quarantine: "false"
type: autocheck
spec:
endpointSelector:
matchLabels:
name: pod-to-external-fqdn-allow-baidu-cnp
egress:
- toFQDNs:
- matchPattern: '*.baidu.com'
- toPorts:
- ports:
- port: "53"
protocol: ANY
rules:
dns:
- matchPattern: '*'
toEndpoints:
- matchLabels:
k8s:io.kubernetes.pod.namespace: kube-system
k8s:k8s-app: kube-dns
- toPorts:
- ports:
- port: "53"
protocol: ANY
rules:
dns:
- matchPattern: '*'
toCIDR:
- {{ LOCAL_DNS_CACHE }}/32
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy