-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug Fix: Protocol Ports not being honored in v1 policies if they do n…
…ot reference external networks
- Loading branch information
Satyam Sinha
committed
Apr 21, 2022
1 parent
6a67c70
commit 9dc0806
Showing
3 changed files
with
44 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 1,21 @@ | ||
APIVersion: 1 | ||
data: | ||
networkaccesspolicies: | ||
- applyPolicyMode: IncomingTraffic | ||
description: unidirectional incoming traffic from private to protected | ||
logsEnabled: true | ||
name: 'test: pu2pu-parent-ns accept from private to protected' | ||
object: | ||
- - $namespace=/saurabh/parent/protected | ||
propagate: true | ||
subject: | ||
- - $namespace=/saurabh/parent/private | ||
- applyPolicyMode: IncomingTraffic | ||
description: unidirectional incoming traffic from private to protected | ||
logsEnabled: true | ||
name: "test: pu2pu-parent-ns accept from private to protected" | ||
object: | ||
- - $namespace=/saurabh/parent/protected | ||
propagate: true | ||
subject: | ||
- - $namespace=/saurabh/parent/private | ||
ports: | ||
- icmp6 | ||
- udp/1:65535 | ||
- tcp/1:65535 | ||
- icmp | ||
identities: | ||
- networkaccesspolicy | ||
- externalnetwork | ||
- networkaccesspolicy | ||
- externalnetwork | ||
label: policytest1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 1,23 @@ | ||
APIVersion: 1 | ||
data: | ||
networkaccesspolicies: | ||
- applyPolicyMode: IncomingTraffic | ||
description: Unidirectional incomingPolicy, subject, object in same namespace | ||
logsEnabled: true | ||
name: 'test: pu2pu-pu-ns unidirectional incoming traffic in same ns' | ||
object: | ||
- - $namespace=/saurabh/parent/private | ||
- '@app:docker:name=protected-nginx' | ||
propagate: true | ||
subject: | ||
- - $namespace=/saurabh/parent/private | ||
- '@app:docker:name=private-nginx' | ||
- applyPolicyMode: IncomingTraffic | ||
description: Unidirectional incomingPolicy, subject, object in same namespace | ||
logsEnabled: true | ||
name: "test: pu2pu-pu-ns unidirectional incoming traffic in same ns" | ||
object: | ||
- - $namespace=/saurabh/parent/private | ||
- "@app:docker:name=protected-nginx" | ||
propagate: true | ||
subject: | ||
- - $namespace=/saurabh/parent/private | ||
- "@app:docker:name=private-nginx" | ||
ports: | ||
- icmp6 | ||
- udp/1:65535 | ||
- tcp/1:65535 | ||
- icmp | ||
identities: | ||
- networkaccesspolicy | ||
- externalnetwork | ||
- networkaccesspolicy | ||
- externalnetwork | ||
label: policytest2 | ||
|