51 lines
1.2 KiB
YAML
51 lines
1.2 KiB
YAML
|
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumnetworkpolicy_v2.json
|
||
|
|
---
|
||
|
|
apiVersion: cilium.io/v2
|
||
|
|
kind: CiliumNetworkPolicy
|
||
|
|
metadata:
|
||
|
|
name: hubble-relay
|
||
|
|
namespace: kube-system
|
||
|
|
specs:
|
||
|
|
- nodeSelector:
|
||
|
|
# apply to all nodes
|
||
|
|
matchLabels: {}
|
||
|
|
ingress:
|
||
|
|
# hubble relay -> hubble agent
|
||
|
|
- fromEndpoints:
|
||
|
|
- matchLabels:
|
||
|
|
io.cilium.k8s.policy.serviceaccount: hubble-relay
|
||
|
|
toPorts:
|
||
|
|
- ports:
|
||
|
|
- port: '4244'
|
||
|
|
protocol: TCP
|
||
|
|
egress:
|
||
|
|
# kubelet -> hubble relay probes
|
||
|
|
- toEndpoints:
|
||
|
|
- matchLabels:
|
||
|
|
io.cilium.k8s.policy.serviceaccount: hubble-relay
|
||
|
|
toPorts:
|
||
|
|
- ports:
|
||
|
|
- port: '4245'
|
||
|
|
protocol: TCP
|
||
|
|
- endpointSelector:
|
||
|
|
# apply to hubble relay pods
|
||
|
|
matchLabels:
|
||
|
|
io.cilium.k8s.policy.serviceaccount: hubble-relay
|
||
|
|
ingress:
|
||
|
|
# kubelet -> hubble relay probes
|
||
|
|
- fromEntities:
|
||
|
|
- host
|
||
|
|
toPorts:
|
||
|
|
- ports:
|
||
|
|
- port: '4245'
|
||
|
|
protocol: TCP
|
||
|
|
egress:
|
||
|
|
# hubble relay -> hubble agent
|
||
|
|
- toEntities:
|
||
|
|
- host
|
||
|
|
- remote-node
|
||
|
|
toPorts:
|
||
|
|
- ports:
|
||
|
|
- port: '4244'
|
||
|
|
protocol: TCP
|