CNI+Cilium+Calico+Weave+Kubenet
March 3, 2023
CiliumNetworkPolicy
cat <<EOF | kubectl apply -f -
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: "fqdn"
spec:
endpointSelector:
matchLabels:
org: empire
class: mediabot
egress:
- toFQDNs:
- matchName: "ya.ru"
- toEndpoints:
- matchLabels:
"k8s:io.kubernetes.pod.namespace": kube-system
"k8s:k8s-app": kube-dns
toPorts:
- ports:
- port: "53"
protocol: ANY
rules:
dns:
- matchPattern: "*"
EOF
kubectl exec --tty --stdin mediabot -- /bin/bash bash-4.3# curl -I -s https://ya.ru HTTP/1.1 302 Moved temporarily
curl -I -s https://api.twitter.com Timeout
kubectl get ciliumNetworkpolicy NAME AGE fqdn 6d2