Revision ca1af73ffe025e2ebdb6c8cd5b2cfb1909cb3b06 authored by Tim Horner on 13 March 2024, 15:45:55 UTC, committed by Jarno Rajahalme on 13 March 2024, 21:52:50 UTC
Signed-off-by: Tim Horner <timothy.horner@isovalent.com>
1 parent a58e3f4
l7-policy-TLS.yaml
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: "l7-policy-tls"
specs:
- description: "L7 policy with TLS"
endpointSelector:
matchLabels:
id: app2
egress:
- toPorts:
- ports:
- port: "53"
protocol: ANY
rules:
dns:
- matchPattern: "*"
- toFQDNs:
- matchPattern: "www.lyft.com"
toPorts:
- ports:
- port: "443"
protocol: "TCP"
terminatingTLS:
secret:
namespace: "default"
name: "lyft-server"
originatingTLS:
secret:
namespace: "default"
name: "test-client"
rules:
http:
- method: "GET"
path: "/privacy"
headerMatches:
- mismatch: REPLACE
name: "User-Agent"
secret:
namespace: "default"
name: "user-agent"
- description: "L7 policy with TLS without HTTP rules"
endpointSelector:
matchLabels:
id: app3
egress:
- toPorts:
- ports:
- port: "53"
protocol: ANY
rules:
dns:
- matchPattern: "*"
- toFQDNs:
- matchPattern: "www.lyft.com"
toPorts:
- ports:
- port: "443"
protocol: "TCP"
terminatingTLS:
secret:
namespace: "default"
name: "lyft-server"
originatingTLS:
secret:
namespace: "default"
name: "test-client"
Computing file changes ...
