
Commit c82af30

authored
Merge pull request #112 from tssurya/add-conformance-gress-rules
Add conformance for `Gress` rules
2 parents 5ee80a1 + 3d592ba commit c82af30


4 files changed

+1101
-0
lines changed

Lines changed: 170 additions & 0 deletions
@@ -0,0 +1,170 @@
1+
apiVersion: policy.networking.k8s.io/v1alpha1
2+
kind: AdminNetworkPolicy
3+
metadata:
4+
name: gress-rules
5+
spec:
6+
priority: 15
7+
subject:
8+
namespaces:
9+
matchLabels:
10+
kubernetes.io/metadata.name: network-policy-conformance-gryffindor
11+
egress:
12+
- name: "allow-to-ravenclaw-everything"
13+
action: "Allow"
14+
to:
15+
- namespaces:
16+
namespaceSelector:
17+
matchLabels:
18+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
19+
- name: "deny-to-ravenclaw-everything"
20+
action: "Deny"
21+
to:
22+
- namespaces:
23+
namespaceSelector:
24+
matchLabels:
25+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
26+
- name: "pass-to-ravenclaw-everything"
27+
action: "Pass"
28+
to:
29+
- namespaces:
30+
namespaceSelector:
31+
matchLabels:
32+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
33+
- name: "deny-to-slytherin-at-ports-80-53-9003"
34+
action: "Deny"
35+
to:
36+
- namespaces:
37+
namespaceSelector:
38+
matchLabels:
39+
kubernetes.io/metadata.name: network-policy-conformance-slytherin
40+
ports:
41+
- portNumber:
42+
protocol: TCP
43+
port: 80
44+
- portNumber:
45+
protocol: UDP
46+
port: 53
47+
- portNumber:
48+
protocol: SCTP
49+
port: 9003
50+
- name: "pass-to-slytherin-at-port-80-53-9003"
51+
action: "Pass"
52+
to:
53+
- namespaces:
54+
namespaceSelector:
55+
matchLabels:
56+
kubernetes.io/metadata.name: network-policy-conformance-slytherin
57+
ports:
58+
- portNumber:
59+
protocol: TCP
60+
port: 80
61+
- portNumber:
62+
protocol: UDP
63+
port: 53
64+
- portNumber:
65+
protocol: SCTP
66+
port: 9003
67+
- name: "allow-to-hufflepuff-at-ports-8080-5353"
68+
action: "Allow"
69+
to:
70+
- namespaces:
71+
namespaceSelector:
72+
matchLabels:
73+
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
74+
ports:
75+
- portNumber:
76+
protocol: TCP
77+
port: 8080
78+
- portNumber:
79+
protocol: UDP
80+
port: 5353
81+
- portNumber:
82+
protocol: SCTP
83+
port: 9003
84+
- name: "deny-to-hufflepuff-everything-else"
85+
action: "Deny"
86+
to:
87+
- namespaces:
88+
namespaceSelector:
89+
matchLabels:
90+
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
91+
ingress:
92+
- name: "allow-from-ravenclaw-everything"
93+
action: "Allow"
94+
from:
95+
- namespaces:
96+
namespaceSelector:
97+
matchLabels:
98+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
99+
- name: "deny-from-ravenclaw-everything"
100+
action: "Deny"
101+
from:
102+
- namespaces:
103+
namespaceSelector:
104+
matchLabels:
105+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
106+
- name: "pass-from-ravenclaw-everything"
107+
action: "Pass"
108+
from:
109+
- namespaces:
110+
namespaceSelector:
111+
matchLabels:
112+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
113+
- name: "deny-from-slytherin-at-port-80-53-9003"
114+
action: "Deny"
115+
from:
116+
- namespaces:
117+
namespaceSelector:
118+
matchLabels:
119+
kubernetes.io/metadata.name: network-policy-conformance-slytherin
120+
ports:
121+
- portNumber:
122+
protocol: TCP
123+
port: 80
124+
- portNumber:
125+
protocol: UDP
126+
port: 53
127+
- portNumber:
128+
protocol: SCTP
129+
port: 9003
130+
- name: "pass-from-slytherin-at-port-80-53-9003"
131+
action: "Pass"
132+
from:
133+
- namespaces:
134+
namespaceSelector:
135+
matchLabels:
136+
kubernetes.io/metadata.name: network-policy-conformance-slytherin
137+
ports:
138+
- portNumber:
139+
protocol: TCP
140+
port: 80
141+
- portNumber:
142+
protocol: UDP
143+
port: 53
144+
- portNumber:
145+
protocol: SCTP
146+
port: 9003
147+
- name: "allow-from-hufflepuff-at-port-80-5353-9003"
148+
action: "Allow"
149+
from:
150+
- namespaces:
151+
namespaceSelector:
152+
matchLabels:
153+
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
154+
ports:
155+
- portNumber:
156+
protocol: TCP
157+
port: 80
158+
- portNumber:
159+
protocol: UDP
160+
port: 5353
161+
- portNumber:
162+
protocol: SCTP
163+
port: 9003
164+
- name: "deny-from-hufflepuff-everything-else"
165+
action: "Deny"
166+
from:
167+
- namespaces:
168+
namespaceSelector:
169+
matchLabels:
170+
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
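Review bot: The egress rule named `allow-to-hufflepuff-at-ports-8080-5353` (new-file line 67) also allows SCTP 9003, so the name understates what the rule permits to anyone reading the policy by rule name. Renaming it to `allow-to-hufflepuff-at-ports-8080-5353-9003` would match its ingress counterpart `allow-from-hufflepuff-at-port-80-5353-9003`; the same rule in the BaselineAdminNetworkPolicy section that follows has the same mismatch. The names also mix `at-ports` and `at-port`, so it is worth settling on one form. The Deny and Pass rules for ravenclaw sit after an Allow for the same peer and look shadowed as written; if that is deliberate because the tests reorder the rules, a comment above `egress:` such as `# rules are matched in order; tests reorder these to exercise Deny and Pass` would say so.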
Lines changed: 121 additions & 0 deletions
@@ -0,0 +1,121 @@
1+
apiVersion: policy.networking.k8s.io/v1alpha1
2+
kind: BaselineAdminNetworkPolicy
3+
metadata:
4+
name: default
5+
spec:
6+
subject:
7+
namespaces:
8+
matchLabels:
9+
kubernetes.io/metadata.name: network-policy-conformance-gryffindor
10+
egress:
11+
- name: "allow-to-ravenclaw-everything"
12+
action: "Allow"
13+
to:
14+
- namespaces:
15+
namespaceSelector:
16+
matchLabels:
17+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
18+
- name: "deny-to-ravenclaw-everything"
19+
action: "Deny"
20+
to:
21+
- namespaces:
22+
namespaceSelector:
23+
matchLabels:
24+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
25+
- name: "deny-to-slytherin-at-ports-80-53-9003"
26+
action: "Deny"
27+
to:
28+
- namespaces:
29+
namespaceSelector:
30+
matchLabels:
31+
kubernetes.io/metadata.name: network-policy-conformance-slytherin
32+
ports:
33+
- portNumber:
34+
protocol: TCP
35+
port: 80
36+
- portNumber:
37+
protocol: UDP
38+
port: 53
39+
- portNumber:
40+
protocol: SCTP
41+
port: 9003
42+
- name: "allow-to-hufflepuff-at-ports-8080-5353"
43+
action: "Allow"
44+
to:
45+
- namespaces:
46+
namespaceSelector:
47+
matchLabels:
48+
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
49+
ports:
50+
- portNumber:
51+
protocol: TCP
52+
port: 8080
53+
- portNumber:
54+
protocol: UDP
55+
port: 5353
56+
- portNumber:
57+
protocol: SCTP
58+
port: 9003
59+
- name: "deny-to-hufflepuff-everything-else"
60+
action: "Deny"
61+
to:
62+
- namespaces:
63+
namespaceSelector:
64+
matchLabels:
65+
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
66+
ingress:
67+
- name: "allow-from-ravenclaw-everything"
68+
action: "Allow"
69+
from:
70+
- namespaces:
71+
namespaceSelector:
72+
matchLabels:
73+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
74+
- name: "deny-from-ravenclaw-everything"
75+
action: "Deny"
76+
from:
77+
- namespaces:
78+
namespaceSelector:
79+
matchLabels:
80+
kubernetes.io/metadata.name: network-policy-conformance-ravenclaw
81+
- name: "deny-from-slytherin-at-port-80-53-9003"
82+
action: "Deny"
83+
from:
84+
- namespaces:
85+
namespaceSelector:
86+
matchLabels:
87+
kubernetes.io/metadata.name: network-policy-conformance-slytherin
88+
ports:
89+
- portNumber:
90+
protocol: TCP
91+
port: 80
92+
- portNumber:
93+
protocol: UDP
94+
port: 53
95+
- portNumber:
96+
protocol: SCTP
97+
port: 9003
98+
- name: "allow-from-hufflepuff-at-port-80-5353-9003"
99+
action: "Allow"
100+
from:
101+
- namespaces:
102+
namespaceSelector:
103+
matchLabels:
104+
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
105+
ports:
106+
- portNumber:
107+
protocol: TCP
108+
port: 80
109+
- portNumber:
110+
protocol: UDP
111+
port: 5353
112+
- portNumber:
113+
protocol: SCTP
114+
port: 9003
115+
- name: "deny-from-hufflepuff-everything-else"
116+
action: "Deny"
117+
from:
118+
- namespaces:
119+
namespaceSelector:
120+
matchLabels:
121+
kubernetes.io/metadata.name: network-policy-conformance-hufflepuff
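Review bot: The manifest creates the BaselineAdminNetworkPolicy named `default` (new-file line 4) with no comment about its cluster-wide effect. As far as I know this kind is a cluster-scoped singleton and `default` is the only name it accepts, so the fixture would collide with any baseline policy already present in the cluster under test. A header comment such as `# cluster singleton: the conformance run must own the BANP and remove it on teardown` would make that precondition visible. Whether the test harness already handles cleanup cannot be seen from this page.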
