76 lines
1.9 KiB
YAML
76 lines
1.9 KiB
YAML
|
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumnetworkpolicy_v2.json
|
||
|
---
|
||
|
apiVersion: cilium.io/v2
|
||
|
kind: CiliumNetworkPolicy
|
||
|
metadata:
|
||
|
name: hubble-ui
|
||
|
namespace: kube-system
|
||
|
specs:
|
||
|
- nodeSelector:
|
||
|
# apply to master nodes
|
||
|
matchLabels:
|
||
|
node-role.kubernetes.io/control-plane: ''
|
||
|
ingress:
|
||
|
# hubble ui -> api server
|
||
|
- fromEndpoints:
|
||
|
- matchLabels:
|
||
|
io.cilium.k8s.policy.serviceaccount: hubble-ui
|
||
|
toPorts:
|
||
|
- ports:
|
||
|
- port: '6443'
|
||
|
protocol: TCP
|
||
|
- endpointSelector:
|
||
|
# apply to core dns endpoints
|
||
|
matchLabels:
|
||
|
io.cilium.k8s.policy.serviceaccount: coredns
|
||
|
ingress:
|
||
|
# hubble ui -> core dns
|
||
|
- fromEndpoints:
|
||
|
- matchLabels:
|
||
|
io.cilium.k8s.policy.serviceaccount: hubble-ui
|
||
|
toPorts:
|
||
|
- ports:
|
||
|
- port: '53'
|
||
|
protocol: UDP
|
||
|
- endpointSelector:
|
||
|
# apply to hubble relay endpoints
|
||
|
matchLabels:
|
||
|
io.cilium.k8s.policy.serviceaccount: hubble-relay
|
||
|
ingress:
|
||
|
# hubble ui -> hubble relay
|
||
|
- fromEndpoints:
|
||
|
- matchLabels:
|
||
|
io.cilium.k8s.policy.serviceaccount: hubble-ui
|
||
|
toPorts:
|
||
|
- ports:
|
||
|
- port: '4245'
|
||
|
protocol: TCP
|
||
|
- endpointSelector:
|
||
|
# apply to hubble ui endpoints
|
||
|
matchLabels:
|
||
|
io.cilium.k8s.policy.serviceaccount: hubble-ui
|
||
|
egress:
|
||
|
# hubble ui -> api server
|
||
|
- toEntities:
|
||
|
- kube-apiserver
|
||
|
toPorts:
|
||
|
- ports:
|
||
|
- port: '6443'
|
||
|
protocol: TCP
|
||
|
# hubble ui -> hubble relay
|
||
|
- toEndpoints:
|
||
|
- matchLabels:
|
||
|
io.cilium.k8s.policy.serviceaccount: hubble-relay
|
||
|
toPorts:
|
||
|
- ports:
|
||
|
- port: '4245'
|
||
|
protocol: TCP
|
||
|
# hubble ui -> core dns
|
||
|
- toEndpoints:
|
||
|
- matchLabels:
|
||
|
io.cilium.k8s.policy.serviceaccount: coredns
|
||
|
toPorts:
|
||
|
- ports:
|
||
|
- port: '53'
|
||
|
protocol: UDP
|