fix: add in missing ACLs for windows multitenancy (#2617)

* test: test conflist for windows multitenancy on an aks cluster

* fix: add in allow acls

Author: pjohnst5

cni/azure-windows-multitenancy.conflist

@@ -55,11 +55,29 @@
                         "Priority": 200,
                         "RuleType": "Switch"
                     }
+                },
+                {
+                    "Name":  "EndpointPolicy",
+                    "Value":  {
+                        "Type":  "ACL",
+                        "Action":  "Allow",
+                        "Direction":  "In",
+                        "Priority":  65500
+                    }
+                },
+                {
+                    "Name":  "EndpointPolicy",
+                    "Value":  {
+                        "Type":  "ACL",
+                        "Action":  "Allow",
+                        "Direction":  "Out",
+                        "Priority":  65500
+                    }
                 }
             ],
              "windowsSettings": {
                  "hnsTimeoutDurationInSeconds" : 120
              }
         }
     ]
-}
+}

cni/windows.Dockerfile

@@ -21,6 +21,7 @@ COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS.conflist /paylo
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift.conflist /payload/azure-swift.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay.conflist /payload/azure-swift-overlay.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay-dualstack.conflist /payload/azure-swift-overlay-dualstack.conflist
+COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-multitenancy.conflist /payload/azure-multitenancy.conflist
 COPY --from=azure-vnet /azure-container-networking/telemetry/azure-vnet-telemetry.config /payload/azure-vnet-telemetry.config
 RUN cd /payload && sha256sum * > sum.txt
 RUN gzip --verbose --best --recursive /payload && for f in /payload/*.gz; do mv -- "$f" "${f%%.gz}"; done