diff --git a/README.md b/README.md index 1a4a2cf9..fc0c2a75 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,7 @@ Examples: k8snetpolicy list -k ./kube/config Flags: + --explain Enhance the analysis of permitted connectivity with explainability information --exposure Enhance the analysis of permitted connectivity with exposure analysis -f, --file string Write output to specified file --focusworkload string Focus connections of specified workload in the output ( or ) @@ -151,6 +152,8 @@ source: default/redis-cart[Deployment], destination: 0.0.0.0-255.255.255.255, di Additional details about the connectivity analysis and its output is specified [here](docs/connlist_output.md). +Additional details about explainability analysis (`--explain` flag for the `list` command) is specified [here](docs/explain_analysis.md). + Additional details about exposure analysis (`--exposure` flag for the `list` command) is specified [here](docs/exposure_analysis.md). Additional details about the connectivity diff command and its output is specified [here](docs/diff_output.md). diff --git a/docs/explain_analysis.md b/docs/explain_analysis.md new file mode 100644 index 00000000..52c111fc --- /dev/null +++ b/docs/explain_analysis.md @@ -0,0 +1,301 @@ +# Explain analysis - enhance `list` connectivity analysis + +## Motivation + +`list` without `--exposure`, produces a report of permitted connectivity between pairs of nodes, without an explanation what resources contributed to this connectivity being allowed.\ +Likewise, it does not detail neither explain all denied connectivity. + +The goal of explainability analysis is to provide this additional information, specifying the resources (such as network policies, admin network policies, routes and more) that contributed to allowing or denying a connectivity between any pair of nodes. +This report can help testing whether the configured resources induce connectivity as expected, and give hints to where the resources may be changed to + achieve the desired result. + +The explainability analysis is currently supported for txt output format of the `list` command. +To run explainability analysis, just run the `list` command with the additional `--explain` flag. + +The section below details a comprehensive example of input manifests for workloads and network policies, and shows the output result of explainability analysis. + + +## Example + +### Input Manifests: +`Namespaces and Pods`: +``` +--- +apiVersion: v1 +kind: Namespace +metadata: + name: foo + labels: + security: internal + kubernetes.io/metadata.name: foo + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: bar + labels: + security: internal + kubernetes.io/metadata.name: bar + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: baz + labels: + kubernetes.io/metadata.name: baz + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring + labels: + kubernetes.io/metadata.name: monitoring + +--- +apiVersion: v1 +kind: Pod +metadata: + namespace: foo + name: myfoo + labels: + security: internal +spec: + containers: + - name: myfirstcontainer + image: fooimage + +--- +apiVersion: v1 +kind: Pod +metadata: + namespace: bar + name: mybar + labels: + security: internal +spec: + containers: + - name: myfirstcontainer + image: barimage + +--- +apiVersion: v1 +kind: Pod +metadata: + namespace: baz + name: mybaz + labels: + security: none +spec: + containers: + - name: myfirstcontainer + image: bazimage + +--- +apiVersion: v1 +kind: Pod +metadata: + namespace: monitoring + name: mymonitoring + labels: + security: monitoring +spec: + containers: + - name: myfirstcontainer + image: monitoringimage + +``` + +`NetworkPolicy`: +``` +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-monitoring + namespace: foo +spec: + podSelector: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring +``` + +`BaselineAdminNetworkPolicy`: +``` +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: BaselineAdminNetworkPolicy +metadata: + name: default +spec: + subject: + namespaces: + matchLabels: + security: internal + ingress: + - name: "deny-ingress-from-all-namespaces-on-TCP1-9000" + action: "Deny" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portRange: + protocol: TCP + start: 1 + end: 9000 +``` + +`AdminNetworkPolicies`: +``` +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: AdminNetworkPolicy +metadata: + name: allow-monitoring +spec: + priority: 9 + subject: + namespaces: {} + ingress: + - name: "allow-ingress-from-monitoring-on-TCP1234" + action: "Allow" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portNumber: + protocol: TCP + port: 1234 + +--- +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: AdminNetworkPolicy +metadata: + name: pass-monitoring +spec: + priority: 7 + subject: + namespaces: + matchLabels: + security: internal + ingress: + - name: "pass-ingress-from-monitoring-on-TCP8080" + action: "Pass" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portNumber: + protocol: TCP + port: 8080 + +``` +#### Textual Result: +``` +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: + +ALLOWED TCP:[1234] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + +ALLOWED TCP:[9001-65535] the system default (Allow all) + +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + +DENIED TCP:[1-1233,1235-8079,8081-9000] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) + 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: + +ALLOWED TCP:[1-1233,1235-65535] the system default (Allow all) + +ALLOWED TCP:[1234] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: + +ALLOWED TCP:[1-1233,1235-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring//Ingress rule #1 + +ALLOWED TCP:[1234] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) + 2) [NP] foo/allow-monitoring//Ingress rule #1 + +ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default (Allow all): +0.0.0.0-255.255.255.255 => bar/mybar[Pod] +0.0.0.0-255.255.255.255 => baz/mybaz[Pod] +0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] +bar/mybar[Pod] => 0.0.0.0-255.255.255.255 +bar/mybar[Pod] => baz/mybaz[Pod] +bar/mybar[Pod] => monitoring/mymonitoring[Pod] +baz/mybaz[Pod] => 0.0.0.0-255.255.255.255 +baz/mybaz[Pod] => bar/mybar[Pod] +baz/mybaz[Pod] => monitoring/mymonitoring[Pod] +foo/myfoo[Pod] => 0.0.0.0-255.255.255.255 +foo/myfoo[Pod] => bar/mybar[Pod] +foo/myfoo[Pod] => baz/mybaz[Pod] +foo/myfoo[Pod] => monitoring/mymonitoring[Pod] +monitoring/mymonitoring[Pod] => 0.0.0.0-255.255.255.255 +``` diff --git a/pkg/cli/list.go b/pkg/cli/list.go index 91118826..0fa31742 100644 --- a/pkg/cli/list.go +++ b/pkg/cli/list.go @@ -22,6 +22,7 @@ import ( var ( focusWorkload string exposureAnalysis bool + explain bool output string // output format outFile string // output file ) @@ -85,6 +86,9 @@ func getConnlistOptions(l *logger.DefaultLogger) []connlist.ConnlistAnalyzerOpti if exposureAnalysis { res = append(res, connlist.WithExposureAnalysis()) } + if explain { + res = append(res, connlist.WithExplanation()) + } return res } @@ -130,6 +134,7 @@ defined`, c.Flags().StringVarP(&focusWorkload, "focusworkload", "", "", "Focus connections of specified workload in the output ( or )") c.Flags().BoolVarP(&exposureAnalysis, "exposure", "", false, "Enhance the analysis of permitted connectivity with exposure analysis") + c.Flags().BoolVarP(&explain, "explain", "", false, "Enhance the analysis of permitted connectivity with explainability information") // output format - default txt // output format - default txt supportedFormats := strings.Join(connlist.ValidFormats, ",") diff --git a/pkg/internal/testutils/testutils.go b/pkg/internal/testutils/testutils.go index 8e1f05c9..89a71237 100644 --- a/pkg/internal/testutils/testutils.go +++ b/pkg/internal/testutils/testutils.go @@ -26,6 +26,7 @@ var update = flag.Bool("update", false, "write or override golden files") const ( connlistExpectedOutputFilePartialName = "connlist_output." + explainExpectedOutputFilePartialName = "explain_output." exposureExpectedOutputFilePartialName = "exposure_output." underscore = "_" dotSign = "." @@ -56,6 +57,18 @@ func ConnlistTestNameByTestArgs(dirName, focusWorkload, format string, exposureF return testName, expectedOutputFileName } +// ExplainTestNameByTestArgs returns explain test name and test's expected output file from some tests args +func ExplainTestNameByTestArgs(dirName, focusWorkload string) (testName, expectedOutputFileName string) { + namePrefix := dirName + if focusWorkload != "" { + namePrefix += focusWlAnnotation + strings.Replace(focusWorkload, "/", underscore, 1) + } + testName = namePrefix + outputPartialName := explainExpectedOutputFilePartialName + expectedOutputFileName = namePrefix + underscore + outputPartialName + output.TextFormat + return testName, expectedOutputFileName +} + // DiffTestNameByTestArgs returns diff test name and test's expected output file from some tests args func DiffTestNameByTestArgs(ref1, ref2, format string) (testName, expectedOutputFileName string) { namePrefix := "diff_between_" + ref2 + "_and_" + ref1 diff --git a/pkg/netpol/connlist/connlist.go b/pkg/netpol/connlist/connlist.go index 2c24aa1b..bfb415ee 100644 --- a/pkg/netpol/connlist/connlist.go +++ b/pkg/netpol/connlist/connlist.go @@ -49,6 +49,7 @@ type ConnlistAnalyzer struct { focusWorkload string exposureAnalysis bool exposureResult []ExposedPeer + explain bool outputFormat string muteErrsAndWarns bool peersList []Peer // internally used peersList used in dot formatting; in case of focusWorkload option contains only relevant peers @@ -138,6 +139,13 @@ func WithExposureAnalysis() ConnlistAnalyzerOption { } } +// WithExplanation is a functional option which directs ConnlistAnalyzer to return explainability of connectivity +func WithExplanation() ConnlistAnalyzerOption { + return func(c *ConnlistAnalyzer) { + c.explain = true + } +} + // WithOutputFormat is a functional option, allowing user to choose the output format txt/json/dot/csv/md. func WithOutputFormat(outputFormat string) ConnlistAnalyzerOption { return func(p *ConnlistAnalyzer) { @@ -160,6 +168,7 @@ func NewConnlistAnalyzer(options ...ConnlistAnalyzerOption) *ConnlistAnalyzer { stopOnError: false, exposureAnalysis: false, exposureResult: nil, + explain: false, errors: []ConnlistError{}, outputFormat: output.DefaultFormat, } @@ -202,10 +211,12 @@ func (ca *ConnlistAnalyzer) hasFatalError() error { // getPolicyEngine returns a new policy engine considering the exposure analysis option func (ca *ConnlistAnalyzer) getPolicyEngine(objectsList []parser.K8sObject) (*eval.PolicyEngine, error) { if !ca.exposureAnalysis { - return eval.NewPolicyEngineWithOptionsList(eval.WithLogger(ca.logger), eval.WithObjectsList(objectsList)) + return eval.NewPolicyEngineWithOptionsList(eval.WithExplanation(ca.explain), + eval.WithLogger(ca.logger), eval.WithObjectsList(objectsList)) } // else build new policy engine with exposure analysis option - return eval.NewPolicyEngineWithOptionsList(eval.WithExposureAnalysis(), eval.WithLogger(ca.logger), eval.WithObjectsList(objectsList)) + return eval.NewPolicyEngineWithOptionsList(eval.WithExposureAnalysis(), eval.WithExplanation(ca.explain), + eval.WithLogger(ca.logger), eval.WithObjectsList(objectsList)) } func (ca *ConnlistAnalyzer) connsListFromParsedResources(objectsList []parser.K8sObject) ([]Peer2PeerConnection, []Peer, error) { @@ -225,9 +236,9 @@ func (ca *ConnlistAnalyzer) connsListFromParsedResources(objectsList []parser.K8 // ConnlistFromK8sClusterWithPolicyAPI returns the allowed connections list from k8s cluster resources, and list of all peers names func (ca *ConnlistAnalyzer) ConnlistFromK8sClusterWithPolicyAPI(clientset *kubernetes.Clientset, policyAPIClientset *policyapi.Clientset) ([]Peer2PeerConnection, []Peer, error) { - pe, err := eval.NewPolicyEngineWithOptionsList(eval.WithLogger(ca.logger)) + pe, err := eval.NewPolicyEngineWithOptionsList(eval.WithExplanation(ca.explain), eval.WithLogger(ca.logger)) if ca.exposureAnalysis { - pe, err = eval.NewPolicyEngineWithOptionsList(eval.WithExposureAnalysis(), eval.WithLogger(ca.logger)) + pe, err = eval.NewPolicyEngineWithOptionsList(eval.WithExposureAnalysis(), eval.WithExplanation(ca.explain), eval.WithLogger(ca.logger)) } if err != nil { return nil, nil, err @@ -289,7 +300,7 @@ func updatePolicyEngineWithK8sBasicObjects(pe *eval.PolicyEngine, clientset *kub // ConnlistFromK8sCluster returns the allowed connections list from k8s cluster resources, and list of all peers names // Deprecated func (ca *ConnlistAnalyzer) ConnlistFromK8sCluster(clientset *kubernetes.Clientset) ([]Peer2PeerConnection, []Peer, error) { - pe := eval.NewPolicyEngineWithOptions(ca.exposureAnalysis) + pe := eval.NewPolicyEngineWithOptions(ca.exposureAnalysis, ca.explain) // insert namespaces, pods and network-policies from k8s clientset err := updatePolicyEngineWithK8sBasicObjects(pe, clientset) @@ -307,7 +318,7 @@ func (ca *ConnlistAnalyzer) ConnectionsListToString(conns []Peer2PeerConnection) ca.errors = append(ca.errors, newResultFormattingError(err)) return "", err } - out, err := connsFormatter.writeOutput(conns, ca.exposureResult, ca.exposureAnalysis) + out, err := connsFormatter.writeOutput(conns, ca.exposureResult, ca.exposureAnalysis, ca.explain) if err != nil { ca.errors = append(ca.errors, newResultFormattingError(err)) return "", err @@ -353,10 +364,11 @@ func (ca *ConnlistAnalyzer) getFormatter() (connsFormatter, error) { // connection implements the Peer2PeerConnection interface type connection struct { - src Peer - dst Peer - allConnections bool - protocolsAndPorts map[v1.Protocol][]common.PortRange + src Peer + dst Peer + allConnections bool + commonImplyingRules common.ImplyingRulesType // used for explainability, when allConnections is true + protocolsAndPorts map[v1.Protocol][]common.PortRange } func (c *connection) Src() Peer { @@ -372,13 +384,24 @@ func (c *connection) ProtocolsAndPorts() map[v1.Protocol][]common.PortRange { return c.protocolsAndPorts } +func (c *connection) OnlyCommonRules() bool { + return len(c.protocolsAndPorts) == 0 && !c.commonImplyingRules.Empty() +} + +func (c *connection) OnlyDefaultRule() bool { + return c.allConnections && len(c.protocolsAndPorts) == 0 && c.commonImplyingRules.OnlyDefaultRule() +} + // returns a *common.ConnectionSet from Peer2PeerConnection data func GetConnectionSetFromP2PConnection(c Peer2PeerConnection) *common.ConnectionSet { protocolsToPortSetMap := make(map[v1.Protocol]*common.PortSet, len(c.ProtocolsAndPorts())) for protocol, portRangeArr := range c.ProtocolsAndPorts() { protocolsToPortSetMap[protocol] = common.MakePortSet(false) for _, p := range portRangeArr { - protocolsToPortSetMap[protocol].AddPortRange(p.Start(), p.End()) + augmentedRange := p.(*common.PortRangeData) + // we cannot fill explainability data here, so we pass an empty rule name and an arbitrary direction (isIngress being true) + protocolsToPortSetMap[protocol].AddPortRange(augmentedRange.Start(), augmentedRange.End(), + augmentedRange.InSet(), "", common.DefaultLayer, true) } } connectionSet := &common.ConnectionSet{AllowAll: c.AllProtocolsAndPorts(), AllowedProtocols: protocolsToPortSetMap} @@ -609,8 +632,8 @@ func (ca *ConnlistAnalyzer) getConnectionsBetweenPeers(pe *eval.PolicyEngine, sr return nil, nil, err } } - // skip empty connections - if allowedConnections.IsEmpty() { + // skip empty connections when running without explainability + if allowedConnections.IsEmpty() && !ca.explain { continue } p2pConnection, err := ca.getP2PConnOrUpdateExposureConn(pe, allowedConnections, srcPeer, dstPeer, exposureMaps) @@ -649,7 +672,9 @@ func (ca *ConnlistAnalyzer) getIngressAllowedConnections(ia *ingressanalyzer.Ing if err != nil { return nil, err } + peConn.RemoveDefaultRule(true) peerAndConn.ConnSet.Intersection(peConn) + peerAndConn.ConnSet.SetExplResult(true) if peerAndConn.ConnSet.IsEmpty() { ca.warnBlockedIngress(peerStr, peerAndConn.IngressObjects) continue @@ -707,10 +732,11 @@ func (ca *ConnlistAnalyzer) getP2PConnOrUpdateExposureConn(pe *eval.PolicyEngine // helper function - returns a connection object from the given fields func createConnectionObject(allowedConnections common.Connection, src, dst Peer) *connection { return &connection{ - src: src, - dst: dst, - allConnections: allowedConnections.IsAllConnections(), - protocolsAndPorts: allowedConnections.ProtocolsAndPortsMap(), + src: src, + dst: dst, + allConnections: allowedConnections.IsAllConnections(), + commonImplyingRules: allowedConnections.(*common.ConnectionSet).CommonImplyingRules, + protocolsAndPorts: allowedConnections.ProtocolsAndPortsMap(true), } } diff --git a/pkg/netpol/connlist/conns_formatter.go b/pkg/netpol/connlist/conns_formatter.go index a7701610..4456aa73 100644 --- a/pkg/netpol/connlist/conns_formatter.go +++ b/pkg/netpol/connlist/conns_formatter.go @@ -37,12 +37,12 @@ type ipMaps struct { // saveConnsWithIPs gets a P2P connection; if the connection includes an IP-Peer as one of its end-points; the conn is saved in the // matching map of the formatText maps -func (i *ipMaps) saveConnsWithIPs(conn Peer2PeerConnection) { +func (i *ipMaps) saveConnsWithIPs(conn Peer2PeerConnection, explain bool) { if conn.Src().IsPeerIPType() { - i.PeerToConnsFromIPs[conn.Dst().String()] = append(i.PeerToConnsFromIPs[conn.Dst().String()], formSingleP2PConn(conn)) + i.PeerToConnsFromIPs[conn.Dst().String()] = append(i.PeerToConnsFromIPs[conn.Dst().String()], formSingleP2PConn(conn, explain)) } if conn.Dst().IsPeerIPType() { - i.peerToConnsToIPs[conn.Src().String()] = append(i.peerToConnsToIPs[conn.Src().String()], formSingleP2PConn(conn)) + i.peerToConnsToIPs[conn.Src().String()] = append(i.peerToConnsToIPs[conn.Src().String()], formSingleP2PConn(conn, explain)) } } @@ -57,14 +57,15 @@ func createIPMaps(initMapsFlag bool) (ipMaps ipMaps) { // connsFormatter implements output formatting in the required output format type connsFormatter interface { - writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) + writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool, explain bool) (string, error) } // singleConnFields represents a single connection object type singleConnFields struct { - Src string `json:"src"` - Dst string `json:"dst"` - ConnString string `json:"conn"` + Src string `json:"src"` + Dst string `json:"dst"` + ConnString string `json:"conn"` + Explanation string `json:"explanation,omitempty"` } // string representation of the singleConnFields struct @@ -72,10 +73,22 @@ func (c singleConnFields) string() string { return fmt.Sprintf("%s => %s : %s", c.Src, c.Dst, c.ConnString) } +func (c singleConnFields) nodePairString() string { + return fmt.Sprintf("%s => %s", c.Src, c.Dst) +} + +func (c singleConnFields) stringWithExplanation() string { + return fmt.Sprintf("CONNECTIONS BETWEEN %s => %s:\n\n%s", c.Src, c.Dst, c.Explanation) +} + // formSingleP2PConn returns a string representation of single connection fields as singleConnFields object -func formSingleP2PConn(conn Peer2PeerConnection) singleConnFields { +func formSingleP2PConn(conn Peer2PeerConnection, explain bool) singleConnFields { connStr := common.ConnStrFromConnProperties(conn.AllProtocolsAndPorts(), conn.ProtocolsAndPorts()) - return singleConnFields{Src: conn.Src().String(), Dst: conn.Dst().String(), ConnString: connStr} + expl := "" + if explain { + expl = common.ExplanationFromConnProperties(conn.AllProtocolsAndPorts(), conn.(*connection).commonImplyingRules, conn.ProtocolsAndPorts()) + } + return singleConnFields{Src: conn.Src().String(), Dst: conn.Dst().String(), ConnString: connStr, Explanation: expl} } // commonly (to be) used for exposure analysis output formatters @@ -181,13 +194,13 @@ func getRepresentativePodString(podLabels v1.LabelSelector, txtOutFlag bool) str // getConnlistAsSortedSingleConnFieldsArray returns a sorted singleConnFields list from Peer2PeerConnection list. // creates ipMaps object if the format requires it (to be used for exposure results later) -func getConnlistAsSortedSingleConnFieldsArray(conns []Peer2PeerConnection, ipMaps ipMaps, saveToIPMaps bool) []singleConnFields { +func getConnlistAsSortedSingleConnFieldsArray(conns []Peer2PeerConnection, ipMaps ipMaps, saveToIPMaps, explain bool) []singleConnFields { connItems := make([]singleConnFields, len(conns)) for i := range conns { if saveToIPMaps { - ipMaps.saveConnsWithIPs(conns[i]) + ipMaps.saveConnsWithIPs(conns[i], explain) } - connItems[i] = formSingleP2PConn(conns[i]) + connItems[i] = formSingleP2PConn(conns[i], explain) } return sortConnFields(connItems, true) } diff --git a/pkg/netpol/connlist/conns_formatter_csv.go b/pkg/netpol/connlist/conns_formatter_csv.go index a8ed59df..acfaf70a 100644 --- a/pkg/netpol/connlist/conns_formatter_csv.go +++ b/pkg/netpol/connlist/conns_formatter_csv.go @@ -18,12 +18,13 @@ type formatCSV struct { // writeOutput returns a CSV string form of connections from list of Peer2PeerConnection objects // and exposure analysis results from list ExposedPeer if exists -func (cs *formatCSV) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { +func (cs *formatCSV) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { + // Tanya TODO - handle explain flag // writing csv rows into a buffer buf := new(bytes.Buffer) writer := csv.NewWriter(buf) - err := cs.writeCsvConnlistTable(conns, writer, exposureFlag) + err := cs.writeCsvConnlistTable(conns, writer, exposureFlag, explain) if err != nil { return "", err } @@ -61,14 +62,14 @@ func writeTableRows(conns []singleConnFields, writer *csv.Writer, srcFirst bool) } // writeCsvConnlistTable writes csv table for the Peer2PeerConnection list -func (cs *formatCSV) writeCsvConnlistTable(conns []Peer2PeerConnection, writer *csv.Writer, saveIPConns bool) error { +func (cs *formatCSV) writeCsvConnlistTable(conns []Peer2PeerConnection, writer *csv.Writer, saveIPConns, explain bool) error { err := writeCsvColumnsHeader(writer, true) if err != nil { return err } cs.ipMaps = createIPMaps(saveIPConns) // get an array of sorted conns items ([]singleConnFields), if required also save the relevant conns to ipMaps - sortedConnItems := getConnlistAsSortedSingleConnFieldsArray(conns, cs.ipMaps, saveIPConns) + sortedConnItems := getConnlistAsSortedSingleConnFieldsArray(conns, cs.ipMaps, saveIPConns, explain) return writeTableRows(sortedConnItems, writer, true) } diff --git a/pkg/netpol/connlist/conns_formatter_dot.go b/pkg/netpol/connlist/conns_formatter_dot.go index adcde568..94660398 100644 --- a/pkg/netpol/connlist/conns_formatter_dot.go +++ b/pkg/netpol/connlist/conns_formatter_dot.go @@ -59,7 +59,7 @@ func getPeerLine(peer Peer) (string, bool) { // returns a dot string form of connections from list of Peer2PeerConnection objects // and from exposure-analysis results if exists -func (d *formatDOT) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { +func (d *formatDOT) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { // 1. declaration of maps and slices to be used for forming the graph lines nsPeers := make(map[string][]string) // map from namespace to its peers (grouping peers by namespaces) nsRepPeers := make(map[string][]string) // map from representative namespace to its representative peers diff --git a/pkg/netpol/connlist/conns_formatter_json.go b/pkg/netpol/connlist/conns_formatter_json.go index c7b8ecce..09b1d966 100644 --- a/pkg/netpol/connlist/conns_formatter_json.go +++ b/pkg/netpol/connlist/conns_formatter_json.go @@ -29,13 +29,14 @@ type exposureFields struct { // writeOutput returns a json string form of connections from list of Peer2PeerConnection objects // and exposure analysis results from list ExposedPeer if exists -func (j *formatJSON) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { +func (j *formatJSON) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { + // Tanya TODO - handle explain flag j.ipMaps = createIPMaps(exposureFlag) // output variables var jsonConns []byte var err error // get an array of sorted connlist items ([]singleConnFields) - sortedConnItems := getConnlistAsSortedSingleConnFieldsArray(conns, j.ipMaps, exposureFlag) + sortedConnItems := getConnlistAsSortedSingleConnFieldsArray(conns, j.ipMaps, exposureFlag, explain) if exposureFlag { // get an array of sorted exposure items ingressExposureItems, egressExposureItems, _ := getExposureConnsAsSortedSingleConnFieldsArray(exposureConns, j.ipMaps) diff --git a/pkg/netpol/connlist/conns_formatter_md.go b/pkg/netpol/connlist/conns_formatter_md.go index 888dc92d..256d76c3 100644 --- a/pkg/netpol/connlist/conns_formatter_md.go +++ b/pkg/netpol/connlist/conns_formatter_md.go @@ -45,9 +45,10 @@ func getMDLine(c singleConnFields, srcFirst bool) string { // writeOutput returns a md string form of connections from list of Peer2PeerConnection objects, // and exposure analysis results from list ExposedPeer if exists -func (md *formatMD) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { +func (md *formatMD) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { + // Tanya TODO - handle explain flag // first write connlist lines - allLines := md.writeMdConnlistLines(conns, exposureFlag) + allLines := md.writeMdConnlistLines(conns, exposureFlag, explain) if !exposureFlag { return strings.Join(allLines, newLineChar) + newLineChar, nil } @@ -66,9 +67,9 @@ func writeMdLines(conns []singleConnFields, srcFirst bool) []string { } // writeMdConnlistLines returns md lines from the list of Peer2PeerConnection -func (md *formatMD) writeMdConnlistLines(conns []Peer2PeerConnection, saveIPConns bool) []string { +func (md *formatMD) writeMdConnlistLines(conns []Peer2PeerConnection, saveIPConns, explain bool) []string { md.ipMaps = createIPMaps(saveIPConns) - sortedConns := getConnlistAsSortedSingleConnFieldsArray(conns, md.ipMaps, saveIPConns) + sortedConns := getConnlistAsSortedSingleConnFieldsArray(conns, md.ipMaps, saveIPConns, explain) connlistLines := []string{getMDHeader(true)} // connlist results are formatted: src | dst | conn connlistLines = append(connlistLines, writeMdLines(sortedConns, true)...) return connlistLines diff --git a/pkg/netpol/connlist/conns_formatter_txt.go b/pkg/netpol/connlist/conns_formatter_txt.go index 2168419f..6e776570 100644 --- a/pkg/netpol/connlist/conns_formatter_txt.go +++ b/pkg/netpol/connlist/conns_formatter_txt.go @@ -10,6 +10,8 @@ import ( "fmt" "sort" "strings" + + "github.com/np-guard/netpol-analyzer/pkg/netpol/internal/common" ) // formatText: implements the connsFormatter interface for txt output format @@ -19,8 +21,8 @@ type formatText struct { // writeOutput returns a textual string format of connections from list of Peer2PeerConnection objects, // and exposure analysis results if exist -func (t *formatText) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { - res := t.writeConnlistOutput(conns, exposureFlag) +func (t *formatText) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { + res := t.writeConnlistOutput(conns, exposureFlag, explain) if !exposureFlag { return res, nil } @@ -33,22 +35,85 @@ func (t *formatText) writeOutput(conns []Peer2PeerConnection, exposureConns []Ex } // writeConnlistOutput writes the section of the connlist result of the output -func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConns bool) string { - connLines := make([]string, len(conns)) +func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConns, explain bool) string { + connLines := make([]singleConnFields, 0, len(conns)) + defaultConnLines := make([]singleConnFields, 0, len(conns)) + allConnLines := make([]singleConnFields, 0, len(conns)) + noConnLines := make([]singleConnFields, 0, len(conns)) t.ipMaps = createIPMaps(saveIPConns) for i := range conns { - connLines[i] = formSingleP2PConn(conns[i]).string() + p2pConn := formSingleP2PConn(conns[i], explain) + if explain && conns[i].(*connection).OnlyCommonRules() { + // when running with explanation, we print all/no connections grouped together + switch { + case conns[i].(*connection).OnlyDefaultRule(): + defaultConnLines = append(defaultConnLines, p2pConn) + case conns[i].(*connection).AllProtocolsAndPorts(): + allConnLines = append(allConnLines, p2pConn) + default: + noConnLines = append(noConnLines, p2pConn) + } + } else { + connLines = append(connLines, p2pConn) + } // if we have exposure analysis results, also check if src/dst is an IP and store the connection if saveIPConns { - t.ipMaps.saveConnsWithIPs(conns[i]) + t.ipMaps.saveConnsWithIPs(conns[i], explain) + } + } + result := "" + if explain { + sortConnFields(connLines, true) + sortConnFields(defaultConnLines, true) + sortConnFields(allConnLines, true) + sortConnFields(noConnLines, true) + result = writeSingleTypeLinesExplanationOutput(allConnLines, allConnHeader, false) + + writeSingleTypeLinesExplanationOutput(connLines, specificConnHeader, false) + + writeSingleTypeLinesExplanationOutput(noConnLines, noConnHeader, false) + + writeSingleTypeLinesExplanationOutput(defaultConnLines, systemDefaultPairsHeader, true) + } else { + sortConnFields(connLines, true) + for _, p2pConn := range connLines { + result += p2pConn.string() + newLineChar + } + } + return result +} + +func writeSingleTypeLinesExplanationOutput(lines []singleConnFields, header string, pairsOnly bool) string { + if len(lines) == 0 { + return "" + } + result := writeGroupHeader(header) + for _, p2pConn := range lines { + if pairsOnly { + result += p2pConn.nodePairString() + newLineChar + } else { + result += nodePairSeparationLine + result += p2pConn.stringWithExplanation() + newLineChar } } - sort.Strings(connLines) - return strings.Join(connLines, newLineChar) + newLineChar + return result +} + +const headerSep = "#" + +func writeGroupHeader(header string) string { + headerLine := headerSep + common.SpaceSeparator + header + common.SpaceSeparator + headerSep + result := newLineChar + strings.Repeat(headerSep, len(headerLine)) + newLineChar + result += headerLine + result += newLineChar + strings.Repeat(headerSep, len(headerLine)) + newLineChar + return result } const ( - unprotectedHeader = "\nWorkloads not protected by network policies:\n" + unprotectedHeader = "\nWorkloads not protected by network policies:\n" + separationLine80 = "--------------------------------------------------------------------------------" + nodePairSeparationLine = separationLine80 + separationLine80 + common.NewLine + systemDefaultPairsHeader = common.AllConnsStr + " due to " + common.SystemDefaultRule + allConnHeader = common.AllConnsStr + " and their reasons" + noConnHeader = common.NoConnsStr + " and their reasons" + specificConnHeader = "Specific connections and their reasons" ) // writeExposureOutput writes the section of the exposure-analysis result diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go new file mode 100644 index 00000000..b39386c5 --- /dev/null +++ b/pkg/netpol/connlist/explanation_test.go @@ -0,0 +1,105 @@ +/* +Copyright 2023- IBM Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ +package connlist + +import ( + "fmt" + "testing" + + "github.com/np-guard/netpol-analyzer/pkg/internal/output" + "github.com/np-guard/netpol-analyzer/pkg/internal/testutils" + + "github.com/stretchr/testify/require" +) + +// file for testing functionality of explainability analysis + +func TestExplainFromDir(t *testing.T) { + t.Parallel() + for _, tt := range explainTests { + tt := tt + t.Run(tt.testDirName, func(t *testing.T) { + t.Parallel() + pTest := prepareExplainTest(tt.testDirName, tt.focusWorkload) + res, _, err := pTest.analyzer.ConnlistFromDirPath(pTest.dirPath) + require.Nil(t, err, pTest.testInfo) + out, err := pTest.analyzer.ConnectionsListToString(res) + require.Nil(t, err, pTest.testInfo) + testutils.CheckActualVsExpectedOutputMatch(t, pTest.expectedOutputFileName, out, + pTest.testInfo, currentPkg) + }) + } +} + +func prepareExplainTest(dirName, focusWorkload string) preparedTest { + res := preparedTest{} + res.testName, res.expectedOutputFileName = testutils.ExplainTestNameByTestArgs(dirName, focusWorkload) + res.testInfo = fmt.Sprintf("test: %q", res.testName) + cAnalyzer := NewConnlistAnalyzer(WithOutputFormat(output.TextFormat), WithFocusWorkload(focusWorkload), WithExplanation()) + res.analyzer = cAnalyzer + res.dirPath = testutils.GetTestDirPath(dirName) + return res +} + +var explainTests = []struct { + testDirName string + focusWorkload string +}{ + { + testDirName: "acs-security-demos", + }, + { + testDirName: "anp_and_banp_using_networks_and_nodes_test", + }, + { + testDirName: "anp_banp_blog_demo", + }, + { + testDirName: "anp_banp_blog_demo_2", + }, + { + testDirName: "anp_banp_test_with_named_port_matched", + }, + { + testDirName: "anp_banp_test_with_named_port_unmatched", + }, + { + testDirName: "anp_demo", + }, + { + testDirName: "anp_test_10", + }, + { + testDirName: "demo_app_with_routes_and_ingress", + }, + { + testDirName: "ipblockstest", + }, + { + testDirName: "k8s_ingress_test_new", + }, + { + testDirName: "multiple_ingress_objects_with_different_ports_new", + }, + { + testDirName: "multiple_topology_resources_2", + }, + { + testDirName: "netpol_named_port_test", + }, + { + testDirName: "new_online_boutique", + }, + { + testDirName: "onlineboutique", + }, + { + testDirName: "onlineboutique_workloads_with_ingress", + }, + { + testDirName: "route_example_with_target_port", + }, +} diff --git a/pkg/netpol/connlist/exposure_analysis.go b/pkg/netpol/connlist/exposure_analysis.go index e2c76d74..a3491975 100644 --- a/pkg/netpol/connlist/exposure_analysis.go +++ b/pkg/netpol/connlist/exposure_analysis.go @@ -78,6 +78,8 @@ func xgressExposureListToXgressExposureDataList(xgressExp []*xgressExposure) []X res := make([]XgressExposureData, len(xgressExp)) for i := range xgressExp { res[i] = xgressExp[i] + exposure := res[i].(*xgressExposure) + exposure.potentialConn = exposure.potentialConn.GetEquivalentCanonicalConnectionSet() } return res } diff --git a/pkg/netpol/connlist/exposure_analysis_test.go b/pkg/netpol/connlist/exposure_analysis_test.go index ccda3db3..fd46228e 100644 --- a/pkg/netpol/connlist/exposure_analysis_test.go +++ b/pkg/netpol/connlist/exposure_analysis_test.go @@ -54,7 +54,7 @@ func newTCPConnWithPorts(ports []int) *common.ConnectionSet { conn := common.MakeConnectionSet(false) portSet := common.MakePortSet(false) for i := range ports { - portSet.AddPort(intstr.FromInt(ports[i])) + portSet.AddPort(intstr.FromInt(ports[i]), common.InitImplyingRules()) } conn.AddConnection(v1.ProtocolTCP, portSet) return conn @@ -337,16 +337,41 @@ func checkExpectedVsActualData(t *testing.T, testName string, actualExp ExposedP "test: %q, mismatch in is egress protected for peer %q", testName, actualExp.ExposedPeer().String()) require.Equal(t, expectedData.isIngressProtected, actualExp.IsProtectedByIngressNetpols(), "test: %q, mismatch in is ingress protected for peer %q", testName, actualExp.ExposedPeer().String()) - require.Equal(t, expectedData.lenIngressExposedConns, len(actualExp.IngressExposure()), + ingressExposure := actualExp.IngressExposure() + require.Equal(t, expectedData.lenIngressExposedConns, len(ingressExposure), "test: %q, mismatch in length of ingress exposure slice for peer %q", testName, actualExp.ExposedPeer().String()) for i := range expectedData.ingressExp { - require.Contains(t, actualExp.IngressExposure(), expectedData.ingressExp[i], + require.True(t, checkXgressExposureContainment(ingressExposure, expectedData.ingressExp[i]), "test: %q, expected ingress data %v is not contained in actual results", testName, expectedData.ingressExp[i]) } - require.Equal(t, expectedData.lenEgressExposedConns, len(actualExp.EgressExposure()), + egressExposure := actualExp.EgressExposure() + require.Equal(t, expectedData.lenEgressExposedConns, len(egressExposure), "test: %q, mismatch in length of egress exposure slice for peer %q", testName, actualExp.ExposedPeer().String()) for i := range expectedData.egressExp { - require.Contains(t, actualExp.EgressExposure(), expectedData.egressExp[i], + require.True(t, checkXgressExposureContainment(egressExposure, expectedData.egressExp[i]), "test: %q, expected egress data %v is not contained in actual results", testName, expectedData.egressExp[i]) } } + +func checkXgressExposureContainment(actualArray []XgressExposureData, expectedItem *xgressExposure) bool { + for i := range actualArray { + currItem := actualArray[i].(*xgressExposure) + if currItem.IsExposedToEntireCluster() != expectedItem.IsExposedToEntireCluster() { + continue + } + if !currItem.IsExposedToEntireCluster() { + if currItem.namespaceLabels.String() != expectedItem.namespaceLabels.String() { + continue + } + if currItem.podLabels.String() != expectedItem.podLabels.String() { + continue + } + } + conn1 := expectedItem.PotentialConnectivity().(*common.ConnectionSet) + conn2 := currItem.PotentialConnectivity().(*common.ConnectionSet) + if conn1.Equal(conn2) { + return true + } + } + return false +} diff --git a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go index 897f9701..b6d6835a 100644 --- a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go +++ b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go @@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0 package ingressanalyzer import ( + "fmt" "strconv" ocroutev1 "github.com/openshift/api/route/v1" @@ -283,7 +284,7 @@ func (ia *IngressAnalyzer) AllowedIngressConnections() (map[string]*PeerAndIngre func mergeResults(routesMap, ingressMap map[string]*PeerAndIngressConnSet) { for k, v := range routesMap { if _, ok := ingressMap[k]; ok { - ingressMap[k].ConnSet.Union(v.ConnSet) + ingressMap[k].ConnSet.Union(v.ConnSet, false) } else { ingressMap[k] = v } @@ -301,20 +302,20 @@ func (ia *IngressAnalyzer) allowedIngressConnectionsByResourcesType(mapToIterate continue } for objName, svcList := range objSvcMap { - ingressObjTargetPeersAndPorts, err := ia.getIngressObjectTargetedPeersAndPorts(ns, svcList) + ingObjStr := types.NamespacedName{Namespace: ns, Name: objName}.String() + ingressObjTargetPeersAndPorts, err := ia.getIngressObjectTargetedPeersAndPorts(ns, ingObjStr, svcList, ingType) if err != nil { return nil, err } // avoid duplicates in the result, consider the different ports supported for peer, pConn := range ingressObjTargetPeersAndPorts { - ingObjStr := types.NamespacedName{Namespace: ns, Name: objName}.String() if _, ok := res[peer.String()]; !ok { mapLen := 2 ingressObjs := make(map[string][]string, mapLen) ingressObjs[ingType] = []string{ingObjStr} res[peer.String()] = &PeerAndIngressConnSet{Peer: peer, ConnSet: pConn, IngressObjects: ingressObjs} } else { - res[peer.String()].ConnSet.Union(pConn) + res[peer.String()].ConnSet.Union(pConn, false) res[peer.String()].IngressObjects[ingType] = append(res[peer.String()].IngressObjects[ingType], ingObjStr) } } @@ -326,23 +327,24 @@ func (ia *IngressAnalyzer) allowedIngressConnectionsByResourcesType(mapToIterate // getIngressObjectTargetedPeersAndPorts returns map from peers which are targeted by Route/k8s-Ingress objects in their namespace to // the Ingress required connections -func (ia *IngressAnalyzer) getIngressObjectTargetedPeersAndPorts(ns string, - svcList []serviceInfo) (map[eval.Peer]*common.ConnectionSet, error) { +func (ia *IngressAnalyzer) getIngressObjectTargetedPeersAndPorts(ns, ingObjStr string, + svcList []serviceInfo, ingType string) (map[eval.Peer]*common.ConnectionSet, error) { res := make(map[eval.Peer]*common.ConnectionSet) for _, svc := range svcList { peersAndPorts, ok := ia.servicesToPortsAndPeersMap[ns][svc.serviceName] if !ok { ia.logWarning("Ignoring target service " + svc.serviceName + " : service not found") } + ruleName := fmt.Sprintf("[%s] %s // service %s", ingType, ingObjStr, svc.serviceName) for _, peer := range peersAndPorts.peers { - currIngressPeerConn, err := ia.getIngressPeerConnection(peer, peersAndPorts.ports, svc.servicePort) + currIngressPeerConn, err := ia.getIngressPeerConnection(peer, peersAndPorts.ports, svc.servicePort, ruleName) if err != nil { return nil, err } if _, ok := res[peer]; !ok { res[peer] = currIngressPeerConn } else { - res[peer].Union(currIngressPeerConn) + res[peer].Union(currIngressPeerConn, false) } } } @@ -351,13 +353,14 @@ func (ia *IngressAnalyzer) getIngressObjectTargetedPeersAndPorts(ns string, // getIngressPeerConnection returns the ingress connection to a peer based on the required port specified in the ingress objects func (ia *IngressAnalyzer) getIngressPeerConnection(peer eval.Peer, actualServicePorts []corev1.ServicePort, - requiredPort intstr.IntOrString) (*common.ConnectionSet, error) { + requiredPort intstr.IntOrString, ruleName string) (*common.ConnectionSet, error) { peerTCPConn := eval.GetPeerExposedTCPConnections(peer) // get the peer port/s which may be accessed by the service required port // (if the required port is not specified, all service ports are allowed) peerPortsToFind := getPeerAccessPort(actualServicePorts, requiredPort) // compute the connection to the peer with the required port/s - res := common.MakeConnectionSet(false) + // all protocols are affected by Ingress (though only TCP may be specified; the rest are not allowed by Ingress) + res := common.MakeConnectionSetWithRule(false, common.ExplNotReferencedProtocols(ruleName), common.NPLayer, true) for _, peerPortToFind := range peerPortsToFind { portNum := peerPortToFind.IntValue() if peerPortToFind.StrVal != "" { // if the port we are searching for is namedPort @@ -373,8 +376,10 @@ func (ia *IngressAnalyzer) getIngressPeerConnection(peer eval.Peer, actualServic } if peerTCPConn.Contains(strconv.Itoa(portNum), string(corev1.ProtocolTCP)) { - permittedPort := common.MakePortSet(false) - permittedPort.AddPort(intstr.FromInt(portNum)) + // the whole port range is affected by Ingress (not only ports mentioned by Ingress/Route resource) + permittedPort := common.MakeEmptyPortSetWithImplyingRules( + common.MakeImplyingRulesWithRule(common.ExplNotReferencedPorts(ruleName), common.NPLayer, true)) + permittedPort.AddPort(intstr.FromInt(portNum), common.MakeImplyingRulesWithRule(ruleName, common.NPLayer, true)) res.AddConnection(corev1.ProtocolTCP, permittedPort) } } diff --git a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer_test.go b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer_test.go index 870a76c6..46e6cea5 100644 --- a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer_test.go +++ b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer_test.go @@ -99,9 +99,10 @@ func checkConnsEquality(t *testing.T, testName string, ingressConns map[string]* "test: %q, mismatch in ingress connections to %q", testName, peerStr) // if all connections is false; check if actual conns are as expected if !expectedIngressToPeer.allConnections { - require.Contains(t, ingressConnsToPeer.ConnSet.ProtocolsAndPortsMap(), v1.Protocol(expectedIngressToPeer.protocol), + require.Contains(t, ingressConnsToPeer.ConnSet.ProtocolsAndPortsMap(false), v1.Protocol(expectedIngressToPeer.protocol), "test: %q, mismatch in ingress connections to peer %q, should contain protocol %q", testName, peerStr, expectedIngressToPeer.protocol) - connPortRange := ingressConnsToPeer.ConnSet.ProtocolsAndPortsMap()[v1.Protocol(expectedIngressToPeer.protocol)] + connSet := ingressConnsToPeer.ConnSet.GetEquivalentCanonicalConnectionSet() + connPortRange := connSet.ProtocolsAndPortsMap(false)[v1.Protocol(expectedIngressToPeer.protocol)] require.Len(t, connPortRange, len(expectedIngressToPeer.ports), "test: %q, mismatch in ingress connections to %q", testName, peerStr) for i := range expectedIngressToPeer.ports { diff --git a/pkg/netpol/eval/check.go b/pkg/netpol/eval/check.go index 3964a0f1..2b2feabd 100644 --- a/pkg/netpol/eval/check.go +++ b/pkg/netpol/eval/check.go @@ -9,6 +9,7 @@ package eval import ( "errors" "net" + "sort" "strings" netv1 "k8s.io/api/networking/v1" @@ -16,7 +17,6 @@ import ( "k8s.io/apimachinery/pkg/types" "github.com/np-guard/models/pkg/netset" - "github.com/np-guard/netpol-analyzer/pkg/internal/netpolerrors" "github.com/np-guard/netpol-analyzer/pkg/netpol/eval/internal/k8s" "github.com/np-guard/netpol-analyzer/pkg/netpol/internal/common" @@ -104,6 +104,11 @@ func (pe *PolicyEngine) getPoliciesSelectingPod(peer k8s.Peer, direction netv1.P if pe.exposureAnalysisFlag && len(res) > 0 { p.UpdatePodXgressProtectedFlag(direction == netv1.PolicyTypeIngress) } + if pe.explain && len(res) > 0 { + sort.Slice(res, func(i, j int) bool { + return res[i].FullName() < res[j].FullName() + }) + } return res, nil } @@ -247,7 +252,10 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) var err error // cases where any connection is always allowed if isPodToItself(srcK8sPeer, dstK8sPeer) || isPeerNodeIP(srcK8sPeer, dstK8sPeer) || isPeerNodeIP(dstK8sPeer, srcK8sPeer) { - return common.MakeConnectionSet(true), nil + res = common.MakeConnectionSet(true) + res.AddCommonImplyingRule(common.PodToItselfRule, common.DefaultLayer, true) + res.AddCommonImplyingRule(common.PodToItselfRule, common.DefaultLayer, false) + return res, nil } // egress: get egress allowed connections between the src and dst by // walking through all k8s egress policies capturing the src; @@ -256,7 +264,8 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) if err != nil { return nil, err } - if res.IsEmpty() { + res.SetExplResult(false) + if res.IsEmpty() && !pe.explain { return res, nil } // ingress: get ingress allowed connections between the src and dst by @@ -266,6 +275,7 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) if err != nil { return nil, err } + ingressRes.SetExplResult(true) res.Intersection(ingressRes) return res, nil } @@ -276,6 +286,10 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) // admin-network-policies, network-policies and baseline-admin-network-policies; // considering the precedence of each policy func (pe *PolicyEngine) allAllowedXgressConnections(src, dst k8s.Peer, isIngress bool) (allowedConns *common.ConnectionSet, err error) { + // Tanya TODO: think about the implicitly denied protocols/port ranges + // (due to NPs capturing this src/dst, but defining only some of protocols/ports) + // How to update implying rules in this case? + // first get allowed xgress conn between the src and dst from the ANPs // note that: // - anpConns may contain allowed, denied or/and passed connections @@ -287,6 +301,8 @@ func (pe *PolicyEngine) allAllowedXgressConnections(src, dst k8s.Peer, isIngress } // optimization: if all the conns between src and dst were determined by the ANPs : return the allowed conns if anpCaptured && anpConns.DeterminesAllConns() { + // since NPs/BANPs are not relevant here, perform the subtract below + anpConns.AllowedConns.Subtract(anpConns.DeniedConns) // update explainabiliy data return anpConns.AllowedConns, nil } // second get the allowed xgress conns between the src and dst from the netpols @@ -386,7 +402,7 @@ func (pe *PolicyEngine) getAllAllowedXgressConnsFromNetpols(src, dst k8s.Peer, i if pe.exposureAnalysisFlag { updatePeerXgressClusterWideExposure(policy, src, dst, isIngress) } - allowedConns.Union(policyAllowedConnectionsPerDirection) + allowedConns.Union(policyAllowedConnectionsPerDirection, true) // collect implying rules from multiple NPs } // putting the result in policiesConns object to be compared with conns allowed by ANP/BANP later policiesConns = k8s.NewPolicyConnections() @@ -406,7 +422,7 @@ func (pe *PolicyEngine) determineAllowedConnsPerDirection(policy *k8s.NetworkPol case policy.IngressPolicyExposure.ClusterWideExposure.AllowAll && src.PeerType() == k8s.PodType: return policy.IngressPolicyExposure.ClusterWideExposure, nil default: - return policy.GetIngressAllowedConns(src, dst) + return policy.GetXgressAllowedConns(src, dst, true) } } // else get egress allowed conns between src and dst @@ -416,7 +432,7 @@ func (pe *PolicyEngine) determineAllowedConnsPerDirection(policy *k8s.NetworkPol case policy.EgressPolicyExposure.ClusterWideExposure.AllowAll && dst.PeerType() == k8s.PodType: return policy.EgressPolicyExposure.ClusterWideExposure, nil default: - return policy.GetEgressAllowedConns(dst) + return policy.GetXgressAllowedConns(src, dst, false) } } @@ -485,7 +501,11 @@ func (pe *PolicyEngine) getAllAllowedXgressConnectionsFromANPs(src, dst k8s.Peer } if policiesConns.IsEmpty() { // conns between src and dst were not captured by the adminNetpols, to be determined by netpols/default conns - return k8s.NewPolicyConnections(), false, nil + policiesConns.ComplementPassConns() + return policiesConns, false, nil + } + if !policiesConns.PassConns.AllowAll { + policiesConns.ComplementPassConns() } return policiesConns, true, nil @@ -501,37 +521,40 @@ func (pe *PolicyEngine) getAllAllowedXgressConnectionsFromANPs(src, dst k8s.Peer // - note that the result may contain allowed / denied connections. func (pe *PolicyEngine) getXgressDefaultConns(src, dst k8s.Peer, isIngress bool) (*k8s.PolicyConnections, error) { res := k8s.NewPolicyConnections() - if pe.baselineAdminNetpol == nil { - res.AllowedConns = common.MakeConnectionSet(true) - return res, nil - } - if isIngress { // ingress - selectsDst, err := pe.baselineAdminNetpol.Selects(dst, true) - if err != nil { - return nil, err - } - // if the banp selects the dst on ingress, get ingress conns - if selectsDst { - res, err = pe.baselineAdminNetpol.GetIngressPolicyConns(src, dst) + if pe.baselineAdminNetpol != nil { + if isIngress { // ingress + selectsDst, err := pe.baselineAdminNetpol.Selects(dst, true) if err != nil { return nil, err } - } - } else { // egress (!isIngress) - selectsSrc, err := pe.baselineAdminNetpol.Selects(src, false) - if err != nil { - return nil, err - } - // if the banp selects the src on egress, get egress conns - if selectsSrc { - res, err = pe.baselineAdminNetpol.GetEgressPolicyConns(dst) + // if the banp selects the dst on ingress, get ingress conns + if selectsDst { + res, err = pe.baselineAdminNetpol.GetIngressPolicyConns(src, dst) + if err != nil { + return nil, err + } + } + } else { // egress (!isIngress) + selectsSrc, err := pe.baselineAdminNetpol.Selects(src, false) if err != nil { return nil, err } + // if the banp selects the src on egress, get egress conns + if selectsSrc { + res, err = pe.baselineAdminNetpol.GetEgressPolicyConns(dst) + if err != nil { + return nil, err + } + } } } - if res.IsEmpty() { // banp rules didn't capture xgress conn between src and dst, return system-default: allow-all - res.AllowedConns = common.MakeConnectionSet(true) + // if no banp or banp rules didn't capture xgress conn between src and dst, return system-default: allow-all; + // if banp rule captured xgress conn, only DeniedConns should be impacted by banp rule, + // whenever AllowedConns should anyway be system-default: allow-all (or assumed allow-all for IP-blocks) + if (isIngress && dst.PeerType() == k8s.IPBlockType) || (!isIngress && src.PeerType() == k8s.IPBlockType) { + res.AllowedConns = common.MakeConnectionSetWithRule(true, common.IPDefaultRule, common.DefaultLayer, isIngress) + } else { + res.AllowedConns = common.MakeConnectionSetWithRule(true, common.SystemDefaultRule, common.DefaultLayer, isIngress) } return res, nil } diff --git a/pkg/netpol/eval/eval_test.go b/pkg/netpol/eval/eval_test.go index 2fff0a28..a45c1a5f 100644 --- a/pkg/netpol/eval/eval_test.go +++ b/pkg/netpol/eval/eval_test.go @@ -1806,6 +1806,9 @@ func pickContainedConn(conn *common.ConnectionSet) (resProtocol, resPort string) return string(v1.ProtocolTCP), defaultPort } for protocol, portSet := range conn.AllowedProtocols { + if portSet.IsEmpty() { // at least in some protocol, portSet will not be empty + continue + } resProtocol = string(protocol) if portSet.IsAll() { resPort = defaultPort diff --git a/pkg/netpol/eval/internal/k8s/adminnetpol.go b/pkg/netpol/eval/internal/k8s/adminnetpol.go index cf785896..047e73d4 100644 --- a/pkg/netpol/eval/internal/k8s/adminnetpol.go +++ b/pkg/netpol/eval/internal/k8s/adminnetpol.go @@ -92,7 +92,9 @@ func (anp *AdminNetworkPolicy) GetIngressPolicyConns(src, dst Peer) (*PolicyConn rulePorts := rule.Ports ruleWarnings = []string{} // clear the ruleWarnings (for each rule) // following func also updates the warnings var - err := updateConnsIfIngressRuleSelectsPeer(rulePeers, rulePorts, src, dst, res, string(rule.Action), false) + err := updateConnsIfIngressRuleSelectsPeer(rulePeers, rulePorts, + ruleFullName(anp.fullName(), rule.Name, string(rule.Action), true), + src, dst, res, string(rule.Action), false) anp.savePolicyWarnings(rule.Name) if err != nil { return nil, anp.anpRuleErr(rule.Name, err.Error()) @@ -108,7 +110,9 @@ func (anp *AdminNetworkPolicy) GetEgressPolicyConns(dst Peer) (*PolicyConnection rulePeers := rule.To rulePorts := rule.Ports ruleWarnings = []string{} // clear ruleWarnings (for each rule), so it is updated by following call - err := updateConnsIfEgressRuleSelectsPeer(rulePeers, rulePorts, dst, res, string(rule.Action), false) + err := updateConnsIfEgressRuleSelectsPeer(rulePeers, rulePorts, + ruleFullName(anp.fullName(), rule.Name, string(rule.Action), false), + dst, res, string(rule.Action), false) anp.savePolicyWarnings(rule.Name) if err != nil { return nil, anp.anpRuleErr(rule.Name, err.Error()) @@ -342,7 +346,8 @@ func ingressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyIngressPeer, s // updateConnsIfEgressRuleSelectsPeer checks if the given dst is selected by given egress rule, // if yes, updates given policyConns with the rule's connections func updateConnsIfEgressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyEgressPeer, - rulePorts *[]apisv1a.AdminNetworkPolicyPort, dst Peer, policyConns *PolicyConnections, action string, isBANPrule bool) error { + rulePorts *[]apisv1a.AdminNetworkPolicyPort, ruleName string, dst Peer, policyConns *PolicyConnections, + action string, isBANPrule bool) error { if len(rulePeers) == 0 { return errors.New(netpolerrors.ANPEgressRulePeersErr) } @@ -353,14 +358,15 @@ func updateConnsIfEgressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyEg if !peerSelected { return nil } - err = updatePolicyConns(rulePorts, policyConns, dst, action, isBANPrule) + err = updatePolicyConns(rulePorts, ruleName, policyConns, dst, action, isBANPrule, false) return err } // updateConnsIfIngressRuleSelectsPeer checks if the given src is selected by given ingress rule, // if yes, updates given policyConns with the rule's connections func updateConnsIfIngressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyIngressPeer, - rulePorts *[]apisv1a.AdminNetworkPolicyPort, src, dst Peer, policyConns *PolicyConnections, action string, isBANPrule bool) error { + rulePorts *[]apisv1a.AdminNetworkPolicyPort, ruleName string, src, dst Peer, policyConns *PolicyConnections, + action string, isBANPrule bool) error { if len(rulePeers) == 0 { return errors.New(netpolerrors.ANPIngressRulePeersErr) } @@ -371,16 +377,16 @@ func updateConnsIfIngressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyI if !peerSelected { return nil } - err = updatePolicyConns(rulePorts, policyConns, dst, action, isBANPrule) + err = updatePolicyConns(rulePorts, ruleName, policyConns, dst, action, isBANPrule, true) return err } // updatePolicyConns gets the rule connections from the rule.ports and updates the input policy connections // with the rule's conns considering the action -func updatePolicyConns(rulePorts *[]apisv1a.AdminNetworkPolicyPort, policyConns *PolicyConnections, dst Peer, - action string, isBANPrule bool) error { +func updatePolicyConns(rulePorts *[]apisv1a.AdminNetworkPolicyPort, ruleName string, policyConns *PolicyConnections, dst Peer, + action string, isBANPrule, isIngress bool) error { // get rule connections from rulePorts - ruleConns, err := ruleConnections(rulePorts, dst) + ruleConns, err := ruleConnections(rulePorts, ruleName, isBANPrule, dst, isIngress) if err != nil { return err } @@ -390,9 +396,16 @@ func updatePolicyConns(rulePorts *[]apisv1a.AdminNetworkPolicyPort, policyConns } // ruleConnections returns the connectionSet from the current rule.Ports -func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, dst Peer) (*common.ConnectionSet, error) { - if ports == nil { - return common.MakeConnectionSet(true), nil // If Ports is not set then the rule does not filter traffic via port. +func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, ruleName string, + isBANPrule bool, dst Peer, isIngress bool) (*common.ConnectionSet, error) { + var layer common.LayerType + if isBANPrule { + layer = common.BANPLayer + } else { + layer = common.ANPLayer + } + if ports == nil { // If Ports is not set then the rule does not filter traffic via port. + return common.MakeConnectionSetWithRule(true, ruleName, layer, isIngress), nil } res := common.MakeConnectionSet(false) for _, anpPort := range *ports { @@ -406,7 +419,7 @@ func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, dst Peer) (*common if anpPort.PortNumber.Protocol != "" { protocol = anpPort.PortNumber.Protocol } - portSet.AddPort(intstr.FromInt32(anpPort.PortNumber.Port)) + portSet.AddPort(intstr.FromInt32(anpPort.PortNumber.Port), common.MakeImplyingRulesWithRule(ruleName, layer, isIngress)) case anpPort.NamedPort != nil: if dst.PeerType() == IPBlockType { // IPblock does not have named-ports defined, warn and continue @@ -421,7 +434,7 @@ func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, dst Peer) (*common if podProtocol != "" { protocol = v1.Protocol(podProtocol) } - portSet.AddPort(intstr.FromInt32(podPort)) + portSet.AddPort(intstr.FromInt32(podPort), common.MakeImplyingRulesWithRule(ruleName, layer, isIngress)) case anpPort.PortRange != nil: if anpPort.PortRange.Protocol != "" { protocol = anpPort.PortRange.Protocol @@ -430,7 +443,7 @@ func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, dst Peer) (*common // illegal: rule with empty range; (start/ end not in the legal range or end < start) return nil, errors.New(alerts.IllegalPortRangeError(int64(anpPort.PortRange.Start), int64(anpPort.PortRange.End))) } - portSet.AddPortRange(int64(anpPort.PortRange.Start), int64(anpPort.PortRange.End)) + portSet.AddPortRange(int64(anpPort.PortRange.Start), int64(anpPort.PortRange.End), true, ruleName, layer, isIngress) } res.AddConnection(protocol, portSet) } @@ -605,6 +618,18 @@ func isIPv6Cidr(cidr apisv1a.CIDR) (bool, error) { return ipNet.IP.To4() == nil, nil } +func (anp *AdminNetworkPolicy) fullName() string { + return "[ANP] " + anp.Name +} + +func ruleFullName(policyName, ruleName, action string, isIngress bool) string { + xgress := egressName + if isIngress { + xgress = ingressName + } + return fmt.Sprintf("%s // %s rule %s (%s)", policyName, xgress, ruleName, action) +} + // rulePeersReferencedNetworks returns a list of IPBlocks representing the CIDRs referenced by the given rulePeers' Networks field. func rulePeersReferencedIPBlocks(rulePeers []apisv1a.AdminNetworkPolicyEgressPeer) ([]*netset.IPBlock, error) { res := []*netset.IPBlock{} diff --git a/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go b/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go index 92c0c171..73aed150 100644 --- a/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go +++ b/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go @@ -76,6 +76,10 @@ func (banp *BaselineAdminNetworkPolicy) savePolicyWarnings(ruleName string) { } } +func (banp *BaselineAdminNetworkPolicy) fullName() string { + return "[BANP] " + banp.Name +} + // GetEgressPolicyConns returns the connections from the egress rules selecting the dst in spec of the baselineAdminNetworkPolicy func (banp *BaselineAdminNetworkPolicy) GetEgressPolicyConns(dst Peer) (*PolicyConnections, error) { res := NewPolicyConnections() @@ -83,7 +87,9 @@ func (banp *BaselineAdminNetworkPolicy) GetEgressPolicyConns(dst Peer) (*PolicyC rulePeers := rule.To rulePorts := rule.Ports ruleWarnings = []string{} // clear ruleWarnings (for each rule) to be update while looping rule peers in next call - err := updateConnsIfEgressRuleSelectsPeer(rulePeers, rulePorts, dst, res, string(rule.Action), true) + err := updateConnsIfEgressRuleSelectsPeer(rulePeers, rulePorts, + ruleFullName(banp.fullName(), rule.Name, string(rule.Action), false), + dst, res, string(rule.Action), true) banp.savePolicyWarnings(rule.Name) if err != nil { return nil, banpRuleErr(rule.Name, err.Error()) @@ -99,7 +105,9 @@ func (banp *BaselineAdminNetworkPolicy) GetIngressPolicyConns(src, dst Peer) (*P rulePeers := rule.From rulePorts := rule.Ports ruleWarnings = []string{} // clear ruleWarnings (for each rule) to be update while looping rule peers in next call - err := updateConnsIfIngressRuleSelectsPeer(rulePeers, rulePorts, src, dst, res, string(rule.Action), true) + err := updateConnsIfIngressRuleSelectsPeer(rulePeers, rulePorts, + ruleFullName(banp.fullName(), rule.Name, string(rule.Action), true), + src, dst, res, string(rule.Action), true) banp.savePolicyWarnings(rule.Name) if err != nil { return nil, banpRuleErr(rule.Name, err.Error()) diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index 8cb211d8..7f332e56 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -65,8 +65,10 @@ type PolicyExposureWithoutSelectors struct { // if so, also consider concurrent access (or declare not goroutine safe?) const ( - portBase = 10 - portBits = 32 + portBase = 10 + portBits = 32 + egressName = "Egress" + ingressName = "Ingress" ) func getProtocolStr(p *v1.Protocol) string { @@ -128,6 +130,13 @@ func isEmptyPortRange(start, end int64) bool { (start > common.MaxPort || end > common.MaxPort) } +func (np *NetworkPolicy) rulePeersAndPorts(ruleIdx int, isIngress bool) ([]netv1.NetworkPolicyPeer, []netv1.NetworkPolicyPort) { + if isIngress { + return np.Spec.Ingress[ruleIdx].From, np.Spec.Ingress[ruleIdx].Ports + } + return np.Spec.Egress[ruleIdx].To, np.Spec.Egress[ruleIdx].Ports +} + // doesRulePortContain gets protocol and port numbers of a rule and other protocol and port; // returns if other is contained in the rule's port func doesRulePortContain(ruleProtocol, otherProtocol string, ruleStartPort, ruleEndPort, otherPort int64) bool { @@ -143,20 +152,26 @@ func doesRulePortContain(ruleProtocol, otherProtocol string, ruleStartPort, rule return false } -func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, dst Peer) (*common.ConnectionSet, error) { +func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, dst Peer, + ruleIdx int, isIngress bool) (*common.ConnectionSet, error) { if len(rulePorts) == 0 { - return common.MakeConnectionSet(true), nil // If this field is empty or missing, this rule matches all ports + // If this field is empty or missing, this rule matches all ports // (traffic not restricted by port) + return common.MakeConnectionSetWithRule(true, np.ruleName(ruleIdx, isIngress), common.NPLayer, isIngress), nil } - res := common.MakeConnectionSet(false) + ruleName := np.ruleName(ruleIdx, isIngress) + // all protocols are affected by the rule + res := common.MakeConnectionSetWithRule(false, common.ExplNotReferencedProtocols(ruleName), common.NPLayer, isIngress) for i := range rulePorts { protocol := v1.ProtocolTCP if rulePorts[i].Protocol != nil { protocol = *rulePorts[i].Protocol } - ports := common.MakePortSet(false) + // the whole port range is affected by the rule (not only ports mentioned in the rule) + ports := common.MakeEmptyPortSetWithImplyingRules( + common.MakeImplyingRulesWithRule(common.ExplNotReferencedPorts(ruleName), common.NPLayer, isIngress)) if rulePorts[i].Port == nil { - ports = common.MakePortSet(true) + ports = common.MakeAllPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, common.NPLayer, isIngress)) } else { startPort, endPort, portName, err := np.getPortsRange(rulePorts[i], dst) if err != nil { @@ -180,7 +195,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds // 4- in order to get a connection from any pod to an ip dst (will not get here, as named ports are not defined for ip-blocks) if dst == nil || isPeerRepresentative(dst) { // (1 & 2) // adding portName string to the portSet - ports.AddPort(intstr.FromString(portName)) + ports.AddPort(intstr.FromString(portName), common.MakeImplyingRulesWithRule(ruleName, common.NPLayer, isIngress)) } else { // dst is a real pod (3) // add a warning that the "named port" of the rule is ignored, since it has no match in the pod config. np.saveNetpolWarning(np.netpolWarning(alerts.WarnUnmatchedNamedPort(portName, dst.String()))) @@ -190,11 +205,16 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds } } else { // if !isEmptyPortRange(startPort, endPort) (the other valid result) - ports.AddPortRange(startPort, endPort) + ports.AddPortRange(startPort, endPort, true, ruleName, common.NPLayer, isIngress) } } res.AddConnection(protocol, ports) } + if res.IsEmpty() { + // no connections found --> "named ports" of the rule had no match in the pod config + // remove empty protocols if any + res = common.MakeConnectionSetWithRule(false, common.ExplNoMatchOfNamedPortsToDst(ruleName), common.NPLayer, isIngress) + } return res, nil } @@ -387,63 +407,68 @@ func (np *NetworkPolicy) EgressAllowedConn(dst Peer, protocol, port string) (boo return false, nil } -// GetEgressAllowedConns returns the set of allowed connections from any captured pod to the destination peer -func (np *NetworkPolicy) GetEgressAllowedConns(dst Peer) (*common.ConnectionSet, error) { - res := common.MakeConnectionSet(false) - for _, rule := range np.Spec.Egress { - rulePeers := rule.To - rulePorts := rule.Ports - peerSelected, err := np.ruleSelectsPeer(rulePeers, dst) - if err != nil { - return res, err - } - if !peerSelected { - continue - } - ruleConns, err := np.ruleConnections(rulePorts, dst) - if err != nil { - return res, err - } - res.Union(ruleConns) - if res.AllowAll { - return res, nil - } +const ( + CapturedButNotSelectedTxt = "captured but not selected by any %s rule" + CapturedButNotSelectedExpl = "(" + CapturedButNotSelectedTxt + ")" + NoXgressRulesExpl = "(" + CapturedButNotSelectedTxt + " - no rules defined)" +) + +func (np *NetworkPolicy) nameWithDirectionAndExpl(isIngress bool, expl string) string { + xgress := "Egress" + if isIngress { + xgress = "Ingress" } - return res, nil + return fmt.Sprintf("%s // %s "+expl, np.FullName(), xgress, xgress) } -// GetIngressAllowedConns returns the set of allowed connections to a captured dst pod from the src peer -func (np *NetworkPolicy) GetIngressAllowedConns(src, dst Peer) (*common.ConnectionSet, error) { +// GetXgressAllowedConns returns the set of allowed connections to a captured dst pod from the src peer (for Ingress) +// or from any captured pod to the dst peer (for Egress) +func (np *NetworkPolicy) GetXgressAllowedConns(src, dst Peer, isIngress bool) (*common.ConnectionSet, error) { res := common.MakeConnectionSet(false) - for _, rule := range np.Spec.Ingress { - rulePeers := rule.From - rulePorts := rule.Ports - peerSelected, err := np.ruleSelectsPeer(rulePeers, src) + if (isIngress && len(np.Spec.Ingress) == 0) || (!isIngress && len(np.Spec.Egress) == 0) { + res.AddCommonImplyingRule(np.nameWithDirectionAndExpl(isIngress, NoXgressRulesExpl), common.NPLayer, isIngress) + return res, nil + } + peerSelectedByAnyRule := false + numOfRules := len(np.Spec.Egress) + if isIngress { + numOfRules = len(np.Spec.Ingress) + } + for idx := 0; idx < numOfRules; idx++ { + rulePeers, rulePorts := np.rulePeersAndPorts(idx, isIngress) + peerToSelect := dst + if isIngress { + peerToSelect = src + } + peerSelected, err := np.ruleSelectsPeer(rulePeers, peerToSelect) if err != nil { return res, err } if !peerSelected { continue } - - ruleConns, err := np.ruleConnections(rulePorts, dst) + peerSelectedByAnyRule = true + ruleConns, err := np.ruleConnections(rulePorts, dst, idx, isIngress) if err != nil { return res, err } - res.Union(ruleConns) + res.Union(ruleConns, false) if res.AllowAll { return res, nil } } + if !peerSelectedByAnyRule { + res.AddCommonImplyingRule(np.nameWithDirectionAndExpl(isIngress, CapturedButNotSelectedExpl), common.NPLayer, isIngress) + } return res, nil } func (np *NetworkPolicy) netpolWarning(description string) string { - return fmt.Sprintf("network policy %q: %s", np.fullName(), description) + return fmt.Sprintf("network policy %q: %s", np.FullName(), description) } func (np *NetworkPolicy) netpolErr(title, description string) error { - return fmt.Errorf("network policy %s %s: %s", np.fullName(), title, description) + return fmt.Errorf("network policy %s %s: %s", np.FullName(), title, description) } func (np *NetworkPolicy) parseNetpolCIDR(cidr string, except []string) (*netset.IPBlock, error) { @@ -544,8 +569,16 @@ func (np *NetworkPolicy) Selects(p *Pod, direction netv1.PolicyType) (bool, erro return selector.Matches(labels.Set(p.Labels)), nil } -func (np *NetworkPolicy) fullName() string { - return types.NamespacedName{Name: np.Name, Namespace: np.Namespace}.String() +func (np *NetworkPolicy) FullName() string { + return "[NP] " + types.NamespacedName{Name: np.Name, Namespace: np.Namespace}.String() +} + +func (np *NetworkPolicy) ruleName(ruleIdx int, isIngress bool) string { + xgress := egressName + if isIngress { + xgress = ingressName + } + return fmt.Sprintf("%s // %s rule #%d", np.FullName(), xgress, ruleIdx+1) } func (np *NetworkPolicy) LogWarnings(l logger.Logger) { @@ -587,10 +620,10 @@ func (np *NetworkPolicy) GetPolicyRulesSelectorsAndUpdateExposureClusterWideConn // scanIngressRules handles policy's ingress rules (for updating policy's wide conns/ returning specific rules' selectors) func (np *NetworkPolicy) scanIngressRules() ([]SingleRuleSelectors, error) { rulesSelectors := []SingleRuleSelectors{} - for _, rule := range np.Spec.Ingress { + for idx, rule := range np.Spec.Ingress { rulePeers := rule.From rulePorts := rule.Ports - selectors, err := np.getSelectorsAndUpdateExposureClusterWideConns(rulePeers, rulePorts, true) + selectors, err := np.getSelectorsAndUpdateExposureClusterWideConns(rulePeers, rulePorts, idx, true) if err != nil { return nil, err } @@ -602,10 +635,10 @@ func (np *NetworkPolicy) scanIngressRules() ([]SingleRuleSelectors, error) { // scanEgressRules handles policy's egress rules (for updating policy's wide conns/ returning specific rules' selectors) func (np *NetworkPolicy) scanEgressRules() ([]SingleRuleSelectors, error) { rulesSelectors := []SingleRuleSelectors{} - for _, rule := range np.Spec.Egress { + for idx, rule := range np.Spec.Egress { rulePeers := rule.To rulePorts := rule.Ports - selectors, err := np.getSelectorsAndUpdateExposureClusterWideConns(rulePeers, rulePorts, false) + selectors, err := np.getSelectorsAndUpdateExposureClusterWideConns(rulePeers, rulePorts, idx, false) if err != nil { return nil, err } @@ -623,9 +656,9 @@ func (np *NetworkPolicy) scanEgressRules() ([]SingleRuleSelectors, error) { // - if a rule contains at least one defined selector : appends the rule selectors to a selector list which will be returned. // this func assumes rules are legal (rules correctness check occurs later) func (np *NetworkPolicy) getSelectorsAndUpdateExposureClusterWideConns(rules []netv1.NetworkPolicyPeer, rulePorts []netv1.NetworkPolicyPort, - isIngress bool) (rulesSelectors []SingleRuleSelectors, err error) { + ruleIdx int, isIngress bool) (rulesSelectors []SingleRuleSelectors, err error) { if len(rules) == 0 { - err = np.updateNetworkPolicyExposureClusterWideConns(true, true, rulePorts, isIngress) + err = np.updateNetworkPolicyExposureClusterWideConns(true, true, rulePorts, ruleIdx, isIngress) return nil, err } for i := range rules { @@ -640,7 +673,7 @@ func (np *NetworkPolicy) getSelectorsAndUpdateExposureClusterWideConns(rules []n // if podSelector is not nil but namespaceSelector is nil, this is the netpol's namespace if rules[i].NamespaceSelector != nil && rules[i].NamespaceSelector.Size() == 0 && (rules[i].PodSelector == nil || rules[i].PodSelector.Size() == 0) { - err = np.updateNetworkPolicyExposureClusterWideConns(false, true, rulePorts, isIngress) + err = np.updateNetworkPolicyExposureClusterWideConns(false, true, rulePorts, ruleIdx, isIngress) return nil, err } // else selectors' combination specifies workloads by labels (at least one is not nil and not empty) @@ -653,23 +686,23 @@ func (np *NetworkPolicy) getSelectorsAndUpdateExposureClusterWideConns(rules []n // updateNetworkPolicyExposureClusterWideConns updates the cluster-wide exposure connections of the policy func (np *NetworkPolicy) updateNetworkPolicyExposureClusterWideConns(externalExposure, entireCluster bool, - rulePorts []netv1.NetworkPolicyPort, isIngress bool) error { - ruleConns, err := np.ruleConnections(rulePorts, nil) + rulePorts []netv1.NetworkPolicyPort, ruleIdx int, isIngress bool) error { + ruleConns, err := np.ruleConnections(rulePorts, nil, ruleIdx, isIngress) if err != nil { return err } if externalExposure { if isIngress { - np.IngressPolicyExposure.ExternalExposure.Union(ruleConns) + np.IngressPolicyExposure.ExternalExposure.Union(ruleConns, false) } else { - np.EgressPolicyExposure.ExternalExposure.Union(ruleConns) + np.EgressPolicyExposure.ExternalExposure.Union(ruleConns, false) } } if entireCluster { if isIngress { - np.IngressPolicyExposure.ClusterWideExposure.Union(ruleConns) + np.IngressPolicyExposure.ClusterWideExposure.Union(ruleConns, false) } else { - np.EgressPolicyExposure.ClusterWideExposure.Union(ruleConns) + np.EgressPolicyExposure.ClusterWideExposure.Union(ruleConns, false) } } return nil diff --git a/pkg/netpol/eval/internal/k8s/netpol_test.go b/pkg/netpol/eval/internal/k8s/netpol_test.go index e36c0671..11e3d4be 100644 --- a/pkg/netpol/eval/internal/k8s/netpol_test.go +++ b/pkg/netpol/eval/internal/k8s/netpol_test.go @@ -11,7 +11,10 @@ import ( v1 "k8s.io/api/core/v1" netv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/np-guard/netpol-analyzer/pkg/netpol/internal/common" ) /*func TestCreatePod(t *testing.T) { @@ -93,8 +96,18 @@ func TestNetworkPolicyPortAnalysis(t *testing.T) { Protocol: &UDP, Port: &PortHello, } - n := &NetworkPolicy{} - res, err := n.ruleConnections([]netv1.NetworkPolicyPort{AllowNamedPortOnProtocol}, &dst) + n := &NetworkPolicy{ + &netv1.NetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-name", + Namespace: "test-namespace", + }, + }, + PolicyExposureWithoutSelectors{}, + PolicyExposureWithoutSelectors{}, + common.Warnings{}, + } + res, err := n.ruleConnections([]netv1.NetworkPolicyPort{AllowNamedPortOnProtocol}, &dst, 0, false) expectedConnStr := "UDP 22" if res.String() != expectedConnStr { t.Fatalf("mismatch on ruleConnections result: expected %v, got %v", expectedConnStr, res.String()) diff --git a/pkg/netpol/eval/internal/k8s/pod.go b/pkg/netpol/eval/internal/k8s/pod.go index d84d93e0..344ffee2 100644 --- a/pkg/netpol/eval/internal/k8s/pod.go +++ b/pkg/netpol/eval/internal/k8s/pod.go @@ -270,7 +270,7 @@ func (pod *Pod) PodExposedTCPConnections() *common.ConnectionSet { protocol := corev1.ProtocolTCP if cPort.Protocol == "" || protocol == corev1.ProtocolTCP { ports := common.MakePortSet(false) - ports.AddPortRange(int64(cPort.ContainerPort), int64(cPort.ContainerPort)) + ports.AddPortRange(int64(cPort.ContainerPort), int64(cPort.ContainerPort), true, "", common.DefaultLayer, true) res.AddConnection(protocol, ports) } } @@ -300,12 +300,12 @@ func (pod *Pod) UpdatePodXgressExposureToEntireClusterData(ruleConns *common.Con // matching port number convertedConns := pod.checkAndConvertNamedPortsInConnection(ruleConns) if convertedConns != nil { - pod.IngressExposureData.ClusterWideConnection.Union(convertedConns) + pod.IngressExposureData.ClusterWideConnection.Union(convertedConns, false) } else { - pod.IngressExposureData.ClusterWideConnection.Union(ruleConns) + pod.IngressExposureData.ClusterWideConnection.Union(ruleConns, false) } } else { - pod.EgressExposureData.ClusterWideConnection.Union(ruleConns) + pod.EgressExposureData.ClusterWideConnection.Union(ruleConns, false) } } @@ -319,10 +319,10 @@ func (pod *Pod) checkAndConvertNamedPortsInConnection(conns *common.ConnectionSe connsCopy := conns.Copy() // copying the connectionSet; in order to replace // the named ports with pod's port numbers if possible for protocol, namedPorts := range connNamedPorts { - for _, namedPort := range namedPorts { + for namedPort, implyingRules := range namedPorts { podProtocol, portNum := pod.ConvertPodNamedPort(namedPort) if podProtocol == string(protocol) && portNum != common.NoPort { // matching port and protocol - connsCopy.ReplaceNamedPortWithMatchingPortNum(protocol, namedPort, portNum) + connsCopy.ReplaceNamedPortWithMatchingPortNum(protocol, namedPort, portNum, implyingRules) } } } diff --git a/pkg/netpol/eval/internal/k8s/policy_connections.go b/pkg/netpol/eval/internal/k8s/policy_connections.go index ca7b74b3..fb494cec 100644 --- a/pkg/netpol/eval/internal/k8s/policy_connections.go +++ b/pkg/netpol/eval/internal/k8s/policy_connections.go @@ -45,22 +45,24 @@ func (pc *PolicyConnections) UpdateWithRuleConns(ruleConns *common.ConnectionSet // banpRules indicates if the rules are coming from BANP; flag used to check the rule Actions are valid since: // Unlike AdminNetworkPolicies that enable: "Pass, Deny or Allow" as the action of each rule. // BaselineAdminNetworkPolicies allows only "Allow and Deny" as the action of each rule. + // 'false' in the Union calls below indicates to not collect explainability rules, since in the ANP/BANP level + // rule order defines their precedence, and so each connection may ve defined by at most one rule. switch ruleAction { case string(apisv1a.AdminNetworkPolicyRuleActionAllow): ruleConns.Subtract(pc.DeniedConns) ruleConns.Subtract(pc.PassConns) - pc.AllowedConns.Union(ruleConns) + pc.AllowedConns.Union(ruleConns, false) case string(apisv1a.AdminNetworkPolicyRuleActionDeny): ruleConns.Subtract(pc.AllowedConns) ruleConns.Subtract(pc.PassConns) - pc.DeniedConns.Union(ruleConns) + pc.DeniedConns.Union(ruleConns, false) case string(apisv1a.AdminNetworkPolicyRuleActionPass): if banpRules { return fmt.Errorf(netpolerrors.UnknownRuleActionErr) } ruleConns.Subtract(pc.AllowedConns) ruleConns.Subtract(pc.DeniedConns) - pc.PassConns.Union(ruleConns) + pc.PassConns.Union(ruleConns, false) default: return fmt.Errorf(netpolerrors.UnknownRuleActionErr) } @@ -79,9 +81,16 @@ func (pc *PolicyConnections) CollectANPConns(newAdminPolicyConns *PolicyConnecti newAdminPolicyConns.PassConns.Subtract(pc.DeniedConns) newAdminPolicyConns.PassConns.Subtract(pc.AllowedConns) // add the new conns from current policy to the connections from the policies with higher precedence - pc.DeniedConns.Union(newAdminPolicyConns.DeniedConns) - pc.AllowedConns.Union(newAdminPolicyConns.AllowedConns) - pc.PassConns.Union(newAdminPolicyConns.PassConns) + // 'false' in the Union calls below indicates to not collect explainability rules, since in the ANP level + // each connection may ve defined by at most one ANP (according to the precedence). + pc.DeniedConns.Union(newAdminPolicyConns.DeniedConns, false) + pc.AllowedConns.Union(newAdminPolicyConns.AllowedConns, false) + pc.PassConns.Union(newAdminPolicyConns.PassConns, false) +} + +// ComplementPassConns complements pass connections to all connections (by adding the absent conections) +func (pc *PolicyConnections) ComplementPassConns() { + pc.PassConns.Union(common.MakeConnectionSet(true), false) } // CollectAllowedConnsFromNetpols updates allowed conns of current PolicyConnections object with allowed connections from @@ -92,14 +101,21 @@ func (pc *PolicyConnections) CollectANPConns(newAdminPolicyConns *PolicyConnecti // and any connection that is not allowed by the netpols is denied. // 2. pass connections in current PolicyConnections object will be determined by the input PolicyConnections parameter. func (pc *PolicyConnections) CollectAllowedConnsFromNetpols(npConns *PolicyConnections) { + // This intersection with PassConn does not have effect the resulting connectios, + // but it updates implying rules, representing the effect of PassConn as well + // We start from PassConn, and intersect it with npConns.AllowedConns, + // because the order of intersection impacts the order of implying rules. + newConn := pc.PassConns.Copy() + newConn.Intersection(npConns.AllowedConns) // collect implying rules from pc.PassConns and npConns.AllowedConns // subtract the denied conns (which are non-overridden) from input conns - npConns.AllowedConns.Subtract(pc.DeniedConns) + newConn.Subtract(pc.DeniedConns) // PASS conns are determined by npConns // currently, npConns.AllowedConns contains: // 1. traffic that was passed by ANPs (if there are such conns) // 2. traffic that had no match in ANPs // so we can update current allowed conns with them - pc.AllowedConns.Union(npConns.AllowedConns) + // 'false' below: we don't add implying rules from NPs if the connections were defined by ANPs + pc.AllowedConns.Union(newConn, false) // now pc.AllowedConns contains all allowed conns by the ANPs and NPs // the content of pc.Denied and pc.Pass is not relevant anymore; // all the connections that are not allowed by the ANPs and NPs are denied. @@ -116,14 +132,22 @@ func (pc *PolicyConnections) CollectAllowedConnsFromNetpols(npConns *PolicyConne // is allowed by default func (pc *PolicyConnections) CollectConnsFromBANP(banpConns *PolicyConnections) { // allowed and denied conns of current pc are non-overridden - banpConns.DeniedConns.Subtract(pc.AllowedConns) - pc.DeniedConns.Union(banpConns.DeniedConns) - // now Pass conns which are denied by BANP were handled automatically; - // Pass Conns which are allowed or not captured by BANP, will be handled now with all other conns. - // pc.PassConns is not relevant anymore. + + // This Union with PassConn does not have effect on the resulting connectios, + // but it updates implying rules, representing the effect of PassConn as well + // We start from PassConn, and union banpConns.DeniedConns with it, + // because the order of Union impacts the order of implying rules. + newDenied := pc.PassConns.Copy() + newDenied.Intersection(banpConns.DeniedConns) // collect implying rules from pc.PassConns and banpConns.DeniedConns + newDenied.Subtract(pc.AllowedConns) + pc.DeniedConns.Union(newDenied, false) // 'false' because denied conns may be already defined by pc.DeniedConns // the allowed conns are "all conns - the denied conns" - // since all conns that are not determined by the ANP and BANP are allowed by default - pc.AllowedConns = common.MakeConnectionSet(true) + // all conns that are not determined by the ANP and BANP are allowed by default, + // and are kept in banpConns.AllowedConns (were returned by getXgressDefaultConns) + newAllowed := pc.PassConns.Copy() + newAllowed.Intersection(banpConns.AllowedConns) // collect implying rules from pc.PassConns and banpConns.AllowedConns + pc.AllowedConns.Union(newAllowed, false) // 'false' because allowed conns may be already defined by pc.AllowedConns + pc.AllowedConns.Subtract(pc.DeniedConns) } @@ -136,6 +160,6 @@ func (pc *PolicyConnections) IsEmpty() bool { // selects all the connections func (pc *PolicyConnections) DeterminesAllConns() bool { selectedConns := pc.AllowedConns.Copy() - selectedConns.Union(pc.DeniedConns) + selectedConns.Union(pc.DeniedConns, false) return selectedConns.IsAllConnections() } diff --git a/pkg/netpol/eval/resources.go b/pkg/netpol/eval/resources.go index 7ecd9936..4fe11bb3 100644 --- a/pkg/netpol/eval/resources.go +++ b/pkg/netpol/eval/resources.go @@ -26,7 +26,6 @@ import ( policyapi "sigs.k8s.io/network-policy-api/pkg/client/clientset/versioned" "github.com/np-guard/models/pkg/netset" - pkgcommon "github.com/np-guard/netpol-analyzer/pkg/internal/common" "github.com/np-guard/netpol-analyzer/pkg/internal/netpolerrors" "github.com/np-guard/netpol-analyzer/pkg/logger" @@ -52,6 +51,7 @@ type ( baselineAdminNetpol *k8s.BaselineAdminNetworkPolicy // pointer to BaselineAdminNetworkPolicy which is a cluster singleton object cache *evalCache exposureAnalysisFlag bool + explain bool representativePeersMap map[string]*k8s.WorkloadPeer // map from unique labels string to representative peer object, // used only with exposure analysis (representative peer object is a workloadPeer with kind == "RepresentativePeer") objectsList []parser.K8sObject // list of k8s objects to be inserted to the policy-engine @@ -79,6 +79,13 @@ func WithLogger(l logger.Logger) PolicyEngineOption { } } +// WithExplanation is a functional option which directs PolicyEngine whether to perform explainability analysis +func WithExplanation(explain bool) PolicyEngineOption { + return func(pe *PolicyEngine) { + pe.explain = explain + } +} + // WithExposureAnalysis is a functional option which directs PolicyEngine to perform exposure analysis func WithExposureAnalysis() PolicyEngineOption { return func(pe *PolicyEngine) { @@ -104,6 +111,7 @@ func NewPolicyEngine() *PolicyEngine { adminNetpolsMap: make(map[string]bool), cache: newEvalCache(), exposureAnalysisFlag: false, + explain: false, logger: logger.NewDefaultLogger(), } } @@ -117,9 +125,10 @@ func NewPolicyEngineWithObjects(objects []parser.K8sObject) (*PolicyEngine, erro // NewPolicyEngineWithOptions returns a new policy engine with an empty state but updating the exposure analysis flag // Deprecated: this function is implemented also within NewPolicyEngineWithOptionsList -func NewPolicyEngineWithOptions(exposureFlag bool) *PolicyEngine { +func NewPolicyEngineWithOptions(exposureFlag, explain bool) *PolicyEngine { pe := NewPolicyEngine() pe.exposureAnalysisFlag = exposureFlag + pe.explain = explain if exposureFlag { pe.representativePeersMap = make(map[string]*k8s.WorkloadPeer) } diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go new file mode 100644 index 00000000..fa24cb5c --- /dev/null +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -0,0 +1,759 @@ +/* +Copyright 2023- IBM Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package common + +import ( + "fmt" + "log" + "slices" + "sort" + "strings" + + "github.com/np-guard/models/pkg/interval" +) + +type LayerType int + +const ( + DefaultLayer = iota + BANPLayer + NPLayer + ANPLayer +) + +type ExplResultType int + +const ( + NoResult ExplResultType = iota + AllowResult + DenyResult +) + +type ImplyingXgressRulesType struct { + Rules map[string]int + // DominantLayer keeps the highest priority layer among the current rules; + // used in combination with collectStyle flag (on 'NeverCollectRules' value) in updateImplyingRules + DominantLayer LayerType + // Result keeps the final connectivity decision which follows from the above rules + // (allow, deny or not set) + // It is used for specifying explainability decision per direction (Egress/Ingress) + Result ExplResultType +} + +type ImplyingRulesType struct { + Ingress ImplyingXgressRulesType // an ordered set of ingress rules, used for explainability + Egress ImplyingXgressRulesType // an ordered set of egress rules, used for explainability +} + +func InitImplyingXgressRules() ImplyingXgressRulesType { + return ImplyingXgressRulesType{Rules: map[string]int{}, DominantLayer: DefaultLayer, Result: NoResult} +} + +func MakeImplyingXgressRulesWithRule(rule string, layer LayerType) ImplyingXgressRulesType { + res := InitImplyingXgressRules() + res.AddXgressRule(rule, layer) + return res +} + +func InitImplyingRules() ImplyingRulesType { + return ImplyingRulesType{Ingress: InitImplyingXgressRules(), Egress: InitImplyingXgressRules()} +} + +func MakeImplyingRulesWithRule(rule string, layer LayerType, isIngress bool) ImplyingRulesType { + res := InitImplyingRules() + if isIngress { + res.Ingress = MakeImplyingXgressRulesWithRule(rule, layer) + } else { + res.Egress = MakeImplyingXgressRulesWithRule(rule, layer) + } + return res +} + +func (rules *ImplyingXgressRulesType) Equal(other *ImplyingXgressRulesType) bool { + return rules.String() == other.String() +} + +func (rules *ImplyingRulesType) Equal(other *ImplyingRulesType) bool { + return rules.Ingress.Equal(&other.Ingress) && rules.Egress.Equal(&other.Egress) +} + +func (rules *ImplyingXgressRulesType) Copy() ImplyingXgressRulesType { + res := ImplyingXgressRulesType{Rules: map[string]int{}, DominantLayer: rules.DominantLayer, Result: rules.Result} + for k, v := range rules.Rules { + res.Rules[k] = v + } + return res +} + +func (rules *ImplyingRulesType) Copy() ImplyingRulesType { + res := InitImplyingRules() + res.Ingress = rules.Ingress.Copy() + res.Egress = rules.Egress.Copy() + return res +} + +const ( + ExplString = "due to " + ExplWithRulesTitle = ExplString + "the following policies // rules:" + IngressDirectionTitle = "\tINGRESS DIRECTION" + EgressDirectionTitle = "\tEGRESS DIRECTION" + NewLine = "\n" + SpaceSeparator = " " + ExplAllowAll = " (Allow all)" + SystemDefaultString = "the system default" + SystemDefaultRule = SystemDefaultString + ExplAllowAll + IPDefaultString = SystemDefaultString // currently the same as system default; change for different explanation for IP default + IPDefaultRule = IPDefaultString + ExplAllowAll + ExplSystemDefault = ExplString + SystemDefaultRule + PodToItselfRule = "pod to itself " + ExplAllowAll + allowResultStr = "ALLOWED" + denyResultStr = "DENIED" +) + +func (rules *ImplyingXgressRulesType) onlyDefaultRule() bool { + return len(rules.Rules) == 1 && rules.DominantLayer == DefaultLayer +} + +func (rules *ImplyingXgressRulesType) removeDefaultRule() { + if rules.onlyDefaultRule() { + *rules = InitImplyingXgressRules() + } +} + +func formattedExpl(expl string) string { + return "(" + expl + ")" +} + +func (rules *ImplyingXgressRulesType) resultString() string { + switch rules.Result { + case AllowResult: + return formattedExpl(allowResultStr) + case DenyResult: + return formattedExpl(denyResultStr) + default: + return "" + } +} + +func (rules *ImplyingXgressRulesType) String() string { + if rules.Empty() { + return rules.resultString() + } + onlyDefaultRule := rules.onlyDefaultRule() + + // print the rules according to their order + formattedRules := make([]string, 0, len(rules.Rules)) + for name, order := range rules.Rules { + if onlyDefaultRule { + formattedRules = append(formattedRules, name) + } else { + formattedRules = append(formattedRules, fmt.Sprintf("\t\t%d) %s", order+1, name)) + } + } + sort.Strings(formattedRules) // the rule index begins the string, like "2)" + result := rules.resultString() + if onlyDefaultRule { + result += SpaceSeparator + ExplString + } else { + result += NewLine + } + return result + strings.Join(formattedRules, NewLine) +} + +func (rules *ImplyingRulesType) OnlyDefaultRule() bool { + return rules.Ingress.onlyDefaultRule() && rules.Egress.onlyDefaultRule() +} + +func (rules *ImplyingRulesType) RemoveDefaultRule(isIngress bool) { + if isIngress { + rules.Ingress.removeDefaultRule() + } else { + rules.Egress.removeDefaultRule() + } +} + +func (rules ImplyingRulesType) String() string { + if rules.OnlyDefaultRule() { + return SpaceSeparator + SystemDefaultRule + NewLine + } + res := "" + if !rules.Egress.Empty() { + res += EgressDirectionTitle + SpaceSeparator + rules.Egress.String() + NewLine + } + if !rules.Ingress.Empty() { + res += IngressDirectionTitle + SpaceSeparator + rules.Ingress.String() + NewLine + } + if res == "" { + return NewLine + } + return SpaceSeparator + ExplWithRulesTitle + NewLine + res +} + +func (rules *ImplyingXgressRulesType) Empty() bool { + return len(rules.Rules) == 0 +} + +func (rules ImplyingRulesType) Empty() bool { + return rules.Ingress.Empty() && rules.Egress.Empty() +} + +func (rules *ImplyingXgressRulesType) AddXgressRule(ruleName string, ruleLayer LayerType) { + if ruleName != "" { + if _, ok := rules.Rules[ruleName]; !ok { + rules.Rules[ruleName] = len(rules.Rules) // a new rule should be the last + } + rules.DominantLayer = max(rules.DominantLayer, ruleLayer) + } +} + +func (rules *ImplyingRulesType) AddRule(ruleName string, ruleLayer LayerType, isIngress bool) { + if isIngress { + rules.Ingress.AddXgressRule(ruleName, ruleLayer) + } else { + rules.Egress.AddXgressRule(ruleName, ruleLayer) + } +} + +func (rules *ImplyingXgressRulesType) SetXgressResult(isAllowed bool) { + if isAllowed { + rules.Result = AllowResult + } else { + rules.Result = DenyResult + } +} + +func (rules *ImplyingRulesType) SetResult(isAllowed, isIngress bool) { + if isIngress { + rules.Ingress.SetXgressResult(isAllowed) + } else { + rules.Egress.SetXgressResult(isAllowed) + } +} + +// Union collects other implying rules into the current ones +func (rules *ImplyingXgressRulesType) Union(other ImplyingXgressRulesType) { + // first, count how many rules are common in both sets + common := 0 + for name := range other.Rules { + if _, ok := rules.Rules[name]; ok { + common += 1 + } + } + offset := len(rules.Rules) - common + for name, order := range other.Rules { + if _, ok := rules.Rules[name]; !ok { // for the common rules, keep their original order in the current rules + rules.Rules[name] = order + offset // other rules should be addded after the current rules + } + } + rules.DominantLayer = max(rules.DominantLayer, other.DominantLayer) + // update Result if set + if other.Result != NoResult { + rules.SetXgressResult(other.Result == AllowResult) + } +} + +type CollectStyleType int + +const ( + NeverCollectRules CollectStyleType = iota + CollectSameInclusionRules + AlwaysCollectRules +) + +// Update implying rules by other (either keep, override or collect), according to the following flags: +// - 'sameInclusion' flag if true iff there is no change in an inclusion status +// of the updated AugmentedInterval / ConnectionSet +// (depending if the current rules come from AugmentedInterval.implyingRules / ConnectionSet.CommonImplyingRules); +// in case of AugmentedInterval, 'inSet' status is same, in case of ConnectionSet conn.AllowAll is same). +// - 'collectStyle' flag specifies whether and how to collect rules (as described below). +// +// The logic of the update is as follows: +// - if 'collectStyle' is AlwaysCollectRules (comes from Intersection of connection sets) --> collect the rules in any case +// (Intersection of connection sets scenario, mainly for intersecion with pass connections) +// - if 'collectStyle' is CollectSameInclusionRules and the inclusion status persists ('sameInclusion' is true) --> collect the rules +// (Union of connection sets of multiple NPs scenario) +// - otherwise, if the inclusion status changes ('sameInclusion' is false) --> override the rules +// - otherwise, if the DominantLayer priortiy of the other rules is higher --> override the rules +// - otherwise, keep the current rules. +func (rules ImplyingXgressRulesType) update(other ImplyingXgressRulesType, sameInclusion bool, + collectStyle CollectStyleType) ImplyingXgressRulesType { + result := rules.Copy() + if other.Empty() { + return result + } + if collectStyle == AlwaysCollectRules || (collectStyle == CollectSameInclusionRules && sameInclusion) { + result.Union(other) + return result + } + + // inclusion status changes --> override + if !sameInclusion { + result = other.Copy() + return result + } + // collectStyle == NeverCollectRules + // inclusion status persists --> keep or override according to the priority + if rules.Empty() || rules.DominantLayer < other.DominantLayer { + // rules are empty or of lower priority --> override + result = other.Copy() + } + return result +} + +func (rules ImplyingRulesType) Update(other ImplyingRulesType, sameInclusion bool, + collectStyle CollectStyleType) ImplyingRulesType { + result := ImplyingRulesType{} + result.Ingress = rules.Ingress.update(other.Ingress, sameInclusion, collectStyle) + result.Egress = rules.Egress.update(other.Egress, sameInclusion, collectStyle) + return result +} + +// This function returns whether the current rules may be updated by the other rules. +// It follows the logic of Update() (see explanation above). +func (rules *ImplyingXgressRulesType) mayBeUpdatedBy(other ImplyingXgressRulesType, sameInclusion bool, + collectStyle CollectStyleType) bool { + if collectStyle == AlwaysCollectRules || (collectStyle == CollectSameInclusionRules && sameInclusion) { + // return true iff Union would change anything + for name := range other.Rules { + if _, ok := rules.Rules[name]; !ok { + return true + } + } + return false + } + return (!sameInclusion || rules.Empty() && !other.Empty()) || rules.DominantLayer < other.DominantLayer +} + +func (rules ImplyingRulesType) mayBeUpdatedBy(other ImplyingRulesType, sameInclusion bool, + collectStyle CollectStyleType) bool { + return rules.Ingress.mayBeUpdatedBy(other.Ingress, sameInclusion, collectStyle) || + rules.Egress.mayBeUpdatedBy(other.Egress, sameInclusion, collectStyle) +} + +const ( + NoIndex = -1 +) + +type AugmentedInterval struct { + interval interval.Interval + inSet bool + implyingRules ImplyingRulesType +} + +func NewAugmentedInterval(start, end int64, inSet bool) AugmentedInterval { + return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: InitImplyingRules()} +} + +func NewAugmentedIntervalWithRule(start, end int64, inSet bool, rule string, layer LayerType, isIngress bool) AugmentedInterval { + return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, + implyingRules: MakeImplyingRulesWithRule(rule, layer, isIngress)} +} + +func NewAugmentedIntervalWithRules(start, end int64, inSet bool, rules ImplyingRulesType) AugmentedInterval { + return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: rules.Copy()} +} + +func (augInt AugmentedInterval) Equal(other AugmentedInterval) bool { + return augInt.inSet == other.inSet && augInt.interval.Equal(other.interval) && augInt.implyingRules.Equal(&other.implyingRules) +} + +// AugmentedCanonicalSet is a set of int64 integers, implemented using an ordered slice of non-overlapping, non-touching intervals. +// The intervals should include both included intervals and holes; +// i.e., start of every interval is the end of a previous interval incremented by 1. +// An AugmentedCanonicalSet is created with an interval/hole covering the whole range for this kind of set. +// The assumption is that further operations on a set will never extend this initial range, +// i.e., the MinValue() and MaxValue() functions will always return the same results. +type AugmentedCanonicalSet struct { + intervalSet []AugmentedInterval +} + +func NewAugmentedCanonicalSet(minValue, maxValue int64, isAll bool) *AugmentedCanonicalSet { + return &AugmentedCanonicalSet{ + intervalSet: []AugmentedInterval{ + NewAugmentedInterval(minValue, maxValue, isAll), // the full range interval (isAll==true) or 'hole' (isAll==false) + }, + } +} + +func NewAugmentedCanonicalSetWithRules(minValue, maxValue int64, isAll bool, rules ImplyingRulesType) *AugmentedCanonicalSet { + return &AugmentedCanonicalSet{ + intervalSet: []AugmentedInterval{ + NewAugmentedIntervalWithRules(minValue, maxValue, isAll, rules), // the full range interval (isAll==true) or 'hole' (isAll==false) + }, + } +} + +func (c *AugmentedCanonicalSet) RemoveDefaultRule(isIngress bool) { + for ind := range c.intervalSet { + c.intervalSet[ind].implyingRules.RemoveDefaultRule(isIngress) + } +} + +func (c *AugmentedCanonicalSet) Intervals() []AugmentedInterval { + return slices.Clone(c.intervalSet) +} + +const ( + errMinFromEmptySet = "cannot take min from empty interval set" + errOutOfRangeInterval = "cannot add interval which is out of scope of AugmentedCanonicalSet" + errConflictingExplResult = "cannot override explanation result that has been already set" +) + +func (c *AugmentedCanonicalSet) MinValue() int64 { + if len(c.intervalSet) == 0 { + log.Panic(errMinFromEmptySet) + } + return c.intervalSet[0].interval.Start() +} + +func (c *AugmentedCanonicalSet) MaxValue() int64 { + size := len(c.intervalSet) + if size == 0 { + log.Panic(errMinFromEmptySet) + } + return c.intervalSet[size-1].interval.End() +} + +func (c *AugmentedCanonicalSet) Min() int64 { + if len(c.intervalSet) == 0 { + log.Panic(errMinFromEmptySet) + } + for _, interval := range c.intervalSet { + if interval.inSet { + return interval.interval.Start() + } + } + log.Panic(errMinFromEmptySet) + return 0 // making linter happy +} + +// IsEmpty returns true if the AugmentedCanonicalSet is semantically empty (i.e., no 'inSet' intervals, but may possibly include holes) +func (c *AugmentedCanonicalSet) IsEmpty() bool { + for _, interval := range c.intervalSet { + if interval.inSet { + return false + } + } + return true +} + +// Unfilled returns true if the AugmentedCanonicalSet is syntactically empty (i.e., none of intervals or holes in the interval set) +func (c *AugmentedCanonicalSet) IsUnfilled() bool { + return len(c.intervalSet) == 0 +} + +// func (c *AugmentedCanonicalSet) isConsistent() bool { +// lastInd := len(c.intervalSet) - 1 +// if lastInd < 0 { +// return true // the set is empty +// } +// lastInterval := c.intervalSet[lastInd] +// if lastInterval.inSet || lastInterval.interval.Start() < 0 || lastInterval.interval.End() != MaxValue { +// return false +// } +// return true +// } + +// nextIncludedInterval finds an interval included in set (not hole), starting from fromInd. +// if there are a few continuous in set intervals, it will return the union of all of them. +// it returns the found (potentially extended) interval, and the biggest index contributing to the result +func (c *AugmentedCanonicalSet) nextIncludedInterval(fromInd int) (res interval.Interval, index int) { + start := fromInd + for start < len(c.intervalSet) && !c.intervalSet[start].inSet { + start++ + } + if start >= len(c.intervalSet) { + return interval.New(0, -1), NoIndex + } + end := start + for end < len(c.intervalSet) && c.intervalSet[end].inSet { + end++ + } + return interval.New(c.intervalSet[start].interval.Start(), c.intervalSet[end-1].interval.End()), end - 1 +} + +// Equal returns true if the AugmentedCanonicalSet semantically equals the other AugmentedCanonicalSet; +// only numeric intervals are compared; the implying rules are not compared. +func (c *AugmentedCanonicalSet) Equal(other *AugmentedCanonicalSet) bool { + if c == other { + return true + } + currThisInd := 0 + currOtherInd := 0 + + for currThisInd != NoIndex { + thisInterval, thisInd := c.nextIncludedInterval(currThisInd) + otherInterval, otherInd := other.nextIncludedInterval(currOtherInd) + if (thisInd == NoIndex) != (otherInd == NoIndex) { + return false + } + if thisInd == NoIndex { + break + } + if !(thisInterval.Equal(otherInterval)) { + return false + } + currThisInd = thisInd + 1 + currOtherInd = otherInd + 1 + } + return true +} + +// AddAugmentedInterval adds a new interval/hole to the set, +// and updates the implying rules accordingly +// +//gocyclo:ignore +func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collectStyle CollectStyleType) { + if v.interval.Start() < c.MinValue() || v.interval.End() > c.MaxValue() { + log.Panic(errOutOfRangeInterval) + } + if v.interval.IsEmpty() { + return + } + set := c.intervalSet + left := sort.Search(len(set), func(i int) bool { + return set[i].interval.End() >= v.interval.Start() + }) + right := sort.Search(len(set), func(j int) bool { + return set[j].interval.End() >= v.interval.End() + }) + var result []AugmentedInterval + // copy left-end intervals not impacted by v + result = append(result, slices.Clone(set[0:left])...) + + // handle the left-hand side of the intersection of v with set + sameInclusion := set[left].inSet == v.inSet + if v.interval.Start() > set[left].interval.Start() && + (!sameInclusion || set[left].implyingRules.mayBeUpdatedBy(v.implyingRules, sameInclusion, collectStyle)) { + // split set[left] into two intervals, while the implying rules of the second interval should get the new value (from v) + new1 := AugmentedInterval{interval: interval.New(set[left].interval.Start(), v.interval.Start()-1), + inSet: set[left].inSet, implyingRules: set[left].implyingRules.Copy()} + new2 := AugmentedInterval{interval: interval.New(v.interval.Start(), min(set[left].interval.End(), v.interval.End())), + inSet: v.inSet, implyingRules: set[left].implyingRules.Update(v.implyingRules, sameInclusion, collectStyle)} + result = append(result, new1, new2) + left++ + } + for ind := left; ind <= right; ind++ { + sameInclusion := set[ind].inSet == v.inSet + if ind == right && v.interval.End() < set[right].interval.End() && + (!sameInclusion || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, sameInclusion, collectStyle)) { + break // this is the corner case handled following the loop below + } + result = append(result, AugmentedInterval{interval: set[ind].interval, inSet: v.inSet, + implyingRules: set[ind].implyingRules.Update(v.implyingRules, sameInclusion, collectStyle)}) + } + // handle the right-hand side of the intersection of v with set + sameInclusion = set[right].inSet == v.inSet + if v.interval.End() < set[right].interval.End() && + (!sameInclusion || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, sameInclusion, collectStyle)) { + // split set[right] into two intervals, while the implying rules of the first interval should get the new value (from v) + if left < right || (left == right && v.interval.Start() == set[left].interval.Start()) { + // a special case when left==right (i.e., v is included in one interval from set) was already handled + // at the left-hand side of the intersection of v with set + new1 := AugmentedInterval{interval: interval.New(set[right].interval.Start(), v.interval.End()), inSet: v.inSet, + implyingRules: set[right].implyingRules.Update(v.implyingRules, sameInclusion, collectStyle)} + result = append(result, new1) + } + new2 := AugmentedInterval{interval: interval.New(v.interval.End()+1, set[right].interval.End()), + inSet: set[right].inSet, implyingRules: set[right].implyingRules.Copy()} + result = append(result, new2) + } + + // copy right-end intervals not impacted by v + result = append(result, slices.Clone(set[right+1:])...) + c.intervalSet = result +} + +// String returns a string representation of the current CanonicalSet object +func (c *AugmentedCanonicalSet) String() string { + if c.IsEmpty() { + return "" + } + res := "" + canonical := c.GetEquivalentCanonicalAugmentedSet() + for _, interval := range canonical.intervalSet { + if interval.inSet { + res += interval.interval.ShortString() + "," + } + } + return res[:len(res)-1] +} + +// Union returns the union of the two sets +func (c *AugmentedCanonicalSet) Union(other *AugmentedCanonicalSet, collectSameInclusionRules bool) *AugmentedCanonicalSet { + if c == other { + return c.Copy() + } + collectStyle := NeverCollectRules + if collectSameInclusionRules { + collectStyle = CollectSameInclusionRules + } + // first, we add all 'out of set' intervals from both sets + // then, we add all 'in set' intervals from both sets + // this way we get the effect of union, while preserving all relevant implying rules + res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + for _, left := range c.intervalSet { + if !left.inSet { + res.AddAugmentedInterval(left, collectStyle) + } + } + for _, right := range other.intervalSet { + if !right.inSet { + res.AddAugmentedInterval(right, collectStyle) + } + } + for _, left := range c.intervalSet { + if left.inSet { + res.AddAugmentedInterval(left, collectStyle) + } + } + for _, right := range other.intervalSet { + if right.inSet { + res.AddAugmentedInterval(right, collectStyle) + } + } + return res +} + +// Copy returns a new copy of the CanonicalSet object +func (c *AugmentedCanonicalSet) Copy() *AugmentedCanonicalSet { + return &AugmentedCanonicalSet{intervalSet: slices.Clone(c.intervalSet)} +} + +func (c *AugmentedCanonicalSet) Contains(n int64) bool { + otherSet := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + otherSet.AddAugmentedInterval(NewAugmentedInterval(n, n, true), NeverCollectRules) + return otherSet.ContainedIn(c) +} + +// ContainedIn returns true of the current AugmentedCanonicalSet is contained in the other AugmentedCanonicalSet +func (c *AugmentedCanonicalSet) ContainedIn(other *AugmentedCanonicalSet) bool { + if c == other { + return true + } + currThisInd := 0 + currOtherInd := 0 + for currThisInd != NoIndex { + thisInterval, thisInd := c.nextIncludedInterval(currThisInd) + otherInterval, otherInd := other.nextIncludedInterval(currOtherInd) + if thisInd == NoIndex { + return true // end of this interval set + } + if otherInd == NoIndex { + return false // end of other interval set, but still have uncovered interval in this set + } + if thisInterval.IsSubset(otherInterval) { + // this interval is included in other; move to next intervals + currThisInd = thisInd + 1 + currOtherInd = otherInd + 1 + continue + } + if thisInterval.Overlap(otherInterval) { + // only part of this interval is contained + return false + } + if thisInterval.End() < otherInterval.Start() { + // this interval is not contained here + return false + } + // otherInterval.End() < thisInterval.Start() + // increment currOtherInd + currOtherInd = otherInd + 1 + } + return true +} + +// Intersect returns the intersection of the current set with the input set +func (c *AugmentedCanonicalSet) Intersect(other *AugmentedCanonicalSet) *AugmentedCanonicalSet { + if c == other { + return c.Copy() + } + // first, we add all 'in set' intervals from both sets + // then, we add all 'out of set' intervals from both sets + // this way we get the effect of intersection, while preserving all relevant implying rules + res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + for _, left := range c.intervalSet { + if left.inSet { + res.AddAugmentedInterval(left, AlwaysCollectRules) // collect implying rules allowed by both sets + } + } + for _, right := range other.intervalSet { + if right.inSet { + res.AddAugmentedInterval(right, AlwaysCollectRules) // collect implying rules allowed by both sets + } + } + for _, left := range c.intervalSet { + if !left.inSet { + res.AddAugmentedInterval(left, AlwaysCollectRules) // collect implying rules denied by both sets + } + } + for _, right := range other.intervalSet { + if !right.inSet { + res.AddAugmentedInterval(right, AlwaysCollectRules) // collect implying rules denied by both sets + } + } + return res +} + +// Overlap returns true if current AugmentedCanonicalSet overlaps with input AugmentedCanonicalSet +func (c *AugmentedCanonicalSet) Overlap(other *AugmentedCanonicalSet) bool { + if c == other { + return !c.IsEmpty() + } + currThisInd := 0 + currOtherInd := 0 + for currThisInd != NoIndex { + thisInterval, thisInd := c.nextIncludedInterval(currThisInd) + otherInterval, otherInd := other.nextIncludedInterval(currOtherInd) + if thisInd == NoIndex || otherInd == NoIndex { + return false // did not find overlapping interval + } + if thisInterval.Overlap(otherInterval) { + return true + } + if thisInterval.End() < otherInterval.Start() { + // increment currThisInd + currThisInd = thisInd + 1 + } else { // otherInterval.End() < thisInterval.Start() + // increment currOtherInd + currOtherInd = otherInd + 1 + } + } + return false +} + +// Subtract returns the subtraction result of other AugmentedCanonicalSet +func (c *AugmentedCanonicalSet) Subtract(other *AugmentedCanonicalSet) *AugmentedCanonicalSet { + if c == other { + return NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + } + res := c.Copy() + for _, interval := range other.intervalSet { + if interval.inSet { + hole := interval + hole.inSet = false + res.AddAugmentedInterval(hole, NeverCollectRules) + } + } + return res +} + +func (c *AugmentedCanonicalSet) GetEquivalentCanonicalAugmentedSet() *AugmentedCanonicalSet { + res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + interv, index := c.nextIncludedInterval(0) + for index != NoIndex { + res.AddAugmentedInterval(NewAugmentedInterval(interv.Start(), interv.End(), true), NeverCollectRules) + interv, index = c.nextIncludedInterval(index + 1) + } + return res +} + +func (c *AugmentedCanonicalSet) SetExplResult(isIngress bool) { + for ind, v := range c.intervalSet { + c.intervalSet[ind].implyingRules.SetResult(v.inSet, isIngress) + } +} diff --git a/pkg/netpol/internal/common/connection.go b/pkg/netpol/internal/common/connection.go index 665a39c2..2e5cac54 100644 --- a/pkg/netpol/internal/common/connection.go +++ b/pkg/netpol/internal/common/connection.go @@ -13,7 +13,7 @@ import ( // Connection represents a set of allowed connections between two peers type Connection interface { // ProtocolsAndPortsMap returns the set of allowed connections - ProtocolsAndPortsMap() map[v1.Protocol][]PortRange + ProtocolsAndPortsMap(includeBlockedPorts bool) map[v1.Protocol][]PortRange // IsAllConnections returns true if all ports are allowed for all protocols IsAllConnections() bool // IsEmpty returns true if no connection is allowed diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 63763e44..6db70a1f 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -8,22 +8,39 @@ package common import ( "fmt" + "log" "sort" "strconv" "strings" - "k8s.io/apimachinery/pkg/util/intstr" - v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" "github.com/np-guard/models/pkg/interval" ) // ConnectionSet represents a set of allowed connections between two peers on a k8s env // and implements Connection interface +// The explainability information is represented as follows: every PortSet (in AllowedProtocols) +// includes information about implying rules for every range. +// CommonImplyingRules contain implying rules for empty or full ConectionSet (when AllowedProtocols is empty) +// The following variant should hold: CommonImplyingRules not empty <==> AllowedProtocols empty type ConnectionSet struct { - AllowAll bool - AllowedProtocols map[v1.Protocol]*PortSet // map from protocol name to set of allowed ports + AllowAll bool + AllowedProtocols map[v1.Protocol]*PortSet // map from protocol name to set of allowed ports + CommonImplyingRules ImplyingRulesType // used for explainability, when AllowedProtocols is empty (i.e., all allowed or all denied) +} + +func ExplNoMatchOfNamedPortsToDst(ruleName string) string { + return fmt.Sprintf("%s (named ports of the rule have no match in the configuration of the dst peer)", ruleName) +} + +func ExplNotReferencedPorts(ruleName string) string { + return fmt.Sprintf("%s (ports not referenced)", ruleName) +} + +func ExplNotReferencedProtocols(ruleName string) string { + return fmt.Sprintf("%s (protocols not referenced)", ruleName) } var allProtocols = []v1.Protocol{v1.ProtocolTCP, v1.ProtocolUDP, v1.ProtocolSCTP} @@ -31,9 +48,41 @@ var allProtocols = []v1.Protocol{v1.ProtocolTCP, v1.ProtocolUDP, v1.ProtocolSCTP // MakeConnectionSet returns a pointer to ConnectionSet object with all connections or no connections func MakeConnectionSet(all bool) *ConnectionSet { if all { - return &ConnectionSet{AllowAll: true, AllowedProtocols: map[v1.Protocol]*PortSet{}} + return &ConnectionSet{AllowAll: true, AllowedProtocols: map[v1.Protocol]*PortSet{}, CommonImplyingRules: InitImplyingRules()} + } + return &ConnectionSet{AllowedProtocols: map[v1.Protocol]*PortSet{}, CommonImplyingRules: InitImplyingRules()} +} + +func MakeConnectionSetWithRule(all bool, rule string, layer LayerType, isIngress bool) *ConnectionSet { + return &ConnectionSet{AllowAll: all, AllowedProtocols: map[v1.Protocol]*PortSet{}, + CommonImplyingRules: MakeImplyingRulesWithRule(rule, layer, isIngress)} +} + +// Add common implying rule, i.e., a rule that is relevant for the whole ConnectionSet +func (conn *ConnectionSet) AddCommonImplyingRule(implyingRule string, layer LayerType, isIngress bool) { + conn.CommonImplyingRules.AddRule(implyingRule, layer, isIngress) +} + +func (conn *ConnectionSet) GetEquivalentCanonicalConnectionSet() *ConnectionSet { + res := MakeConnectionSet(false) + if conn.AllowAll { + res.AllowAll = true + return res + } + for protocol, ports := range conn.AllowedProtocols { + canonicalPorts := ports.GetEquivalentCanonicalPortSet() + if !canonicalPorts.IsEmpty() { + res.AllowedProtocols[protocol] = canonicalPorts + } + } + return res +} + +func (conn *ConnectionSet) RemoveDefaultRule(isIngress bool) { + conn.CommonImplyingRules.RemoveDefaultRule(isIngress) + for _, ports := range conn.AllowedProtocols { + ports.RemoveDefaultRule(isIngress) } - return &ConnectionSet{AllowedProtocols: map[v1.Protocol]*PortSet{}} } // GetAllTCPConnections returns a pointer to ConnectionSet object with all TCP protocol connections @@ -44,116 +93,149 @@ func GetAllTCPConnections() *ConnectionSet { } // Intersection updates ConnectionSet object to be the intersection result with other ConnectionSet +// the implying rules are symmetrically updated by both conn and other, +// i.e., conn does not have a precedence over other func (conn *ConnectionSet) Intersection(other *ConnectionSet) { - if other.AllowAll { - return - } - if conn.AllowAll { - conn.AllowAll = false - for protocol, ports := range other.AllowedProtocols { - conn.AllowedProtocols[protocol] = ports.Copy() + if len(conn.AllowedProtocols) == 0 && len(other.AllowedProtocols) == 0 { + // each one of conn and other is either AllowAll or Empty + if other.IsEmpty() { + conn.AllowAll = false + conn.AllowedProtocols = map[v1.Protocol]*PortSet{} } + // union common implying rules - a symmetrical update + conn.CommonImplyingRules = conn.CommonImplyingRules.Update(other.CommonImplyingRules, true, AlwaysCollectRules) return } + // prepare conn and other for the intersection - we need to seep implying rules info into all protocols/ports + conn.rebuildExplicitly() + other.rebuildExplicitly() + conn.AllowAll = false for protocol := range conn.AllowedProtocols { otherPorts, ok := other.AllowedProtocols[protocol] if !ok { - delete(conn.AllowedProtocols, protocol) + log.Panic("We should not get here") } else { conn.AllowedProtocols[protocol].Intersection(otherPorts) - if conn.AllowedProtocols[protocol].IsEmpty() { - delete(conn.AllowedProtocols, protocol) - } } } + conn.updateIfAllConnections() // the result may be AllowAll if both conn and other were AllowAll } // IsEmpty returns true if the ConnectionSet has no allowed connections func (conn *ConnectionSet) IsEmpty() bool { - return !conn.AllowAll && len(conn.AllowedProtocols) == 0 + if conn.AllowAll { + return false + } + if len(conn.AllowedProtocols) == 0 { + return true + } + // now check semantically + for _, protocol := range allProtocols { + ports, ok := conn.AllowedProtocols[protocol] + if ok && !ports.IsEmpty() { // this is a semantic emptiness check (no included ports, may be holes) + return false + } + } + return true } -func (conn *ConnectionSet) isAllConnectionsWithoutAllowAll() bool { +func (conn *ConnectionSet) updateIfAllConnections() { if conn.AllowAll { - return false + return } for _, protocol := range allProtocols { ports, ok := conn.AllowedProtocols[protocol] if !ok { - return false + return } else if !ports.IsAll() { - return false + return } } + conn.AllowAll = true + // we keep conn.AllowedProtocols data, we might need the ImplyingRules info for explainability +} - return true +func (conn *ConnectionSet) SetExplResult(isIngress bool) { + if len(conn.AllowedProtocols) == 0 { + // no AllowedProtocols --> compute result according to AllowAll + conn.CommonImplyingRules.SetResult(conn.AllowAll, isIngress) + return + } + // compute result for every range in AllowedProtocols + for _, ports := range conn.AllowedProtocols { + ports.Ports.SetExplResult(isIngress) + } } -func (conn *ConnectionSet) checkIfAllConnections() { - if conn.isAllConnectionsWithoutAllowAll() { - conn.AllowAll = true - conn.AllowedProtocols = map[v1.Protocol]*PortSet{} +// rebuildExplicitly : represent All/No connections explicitly (All connections if AllowAll==true, No connections otherwise), +// by building AllowedProtocols and adding the whole range intervals/holes (depending on AllowAll field) +func (conn *ConnectionSet) rebuildExplicitly() { + if len(conn.AllowedProtocols) == len(allProtocols) { + return // if all protocols exist, nothing to add + } + var portSet *PortSet + if conn.AllowAll { + portSet = MakeAllPortSetWithImplyingRules(conn.CommonImplyingRules) + } else { + portSet = MakeEmptyPortSetWithImplyingRules(conn.CommonImplyingRules) + } + for _, protocol := range allProtocols { + if _, ok := conn.AllowedProtocols[protocol]; !ok { + conn.AddConnection(protocol, portSet) + } } + conn.CommonImplyingRules = InitImplyingRules() } // Union updates ConnectionSet object to be the union result with other ConnectionSet -func (conn *ConnectionSet) Union(other *ConnectionSet) { - if conn.AllowAll || other.IsEmpty() { +func (conn *ConnectionSet) Union(other *ConnectionSet, collectSameInclusionRules bool) { + collectStyle := NeverCollectRules + if collectSameInclusionRules { + collectStyle = CollectSameInclusionRules + } + if conn.IsEmpty() && (other.IsEmpty() || other.AllowAll) && len(conn.AllowedProtocols) == 0 && len(other.AllowedProtocols) == 0 { + conn.CommonImplyingRules = conn.CommonImplyingRules.Update(other.CommonImplyingRules, other.IsEmpty(), collectStyle) + conn.AllowAll = other.AllowAll return } - if other.AllowAll { - conn.AllowAll = true - conn.AllowedProtocols = map[v1.Protocol]*PortSet{} - return + if other.IsEmpty() { + return // neither connections nor implying rules can be updated } + conn.rebuildExplicitly() + other.rebuildExplicitly() for protocol := range conn.AllowedProtocols { if otherPorts, ok := other.AllowedProtocols[protocol]; ok { - conn.AllowedProtocols[protocol].Union(otherPorts) - } - } - for protocol := range other.AllowedProtocols { - if _, ok := conn.AllowedProtocols[protocol]; !ok { - portsCopy := other.AllowedProtocols[protocol].Copy() - conn.AllowedProtocols[protocol] = portsCopy + conn.AllowedProtocols[protocol].Union(otherPorts, collectSameInclusionRules) } } - conn.checkIfAllConnections() + conn.CommonImplyingRules = InitImplyingRules() // clear common implying rules, since we have implying rules in AllowedProtocols + conn.updateIfAllConnections() } // Subtract : updates current ConnectionSet object with the result of // subtracting other ConnectionSet from current ConnectionSet +// the implying rules are updated by both conn and other func (conn *ConnectionSet) Subtract(other *ConnectionSet) { - if other.IsEmpty() { // nothing to subtract + if /*conn.IsEmpty() ||*/ other.IsEmpty() { // nothing to subtract return } - if other.AllowAll { // subtract everything + if other.AllowAll && len(other.AllowedProtocols) == 0 { + // a special case when we should override the current common implying rules by others' + // because conn.AllowAll (aka the inclusion status) changes + conn.CommonImplyingRules = conn.CommonImplyingRules.Update(other.CommonImplyingRules, false, NeverCollectRules) conn.AllowAll = false conn.AllowedProtocols = map[v1.Protocol]*PortSet{} return } - if conn.AllowAll { - conn.AllowAll = false // we are about to subtract something - conn.addAllConns() - } + conn.rebuildExplicitly() + conn.AllowAll = false for protocol, ports := range conn.AllowedProtocols { if otherPorts, ok := other.AllowedProtocols[protocol]; ok { - if ports.ContainedIn(otherPorts) { - delete(conn.AllowedProtocols, protocol) - } else { - ports.subtract(otherPorts) - } + ports.subtract(otherPorts) } } } -// addAllConns : add all possible connections to the current ConnectionSet's allowed protocols -// added explicitly, without using the `AllowAll` field -func (conn *ConnectionSet) addAllConns() { - for _, protocol := range allProtocols { - conn.AddConnection(protocol, MakePortSet(true)) - } -} - // Contains returns true if the input port+protocol is an allowed connection func (conn *ConnectionSet) Contains(port, protocol string) bool { intPort, err := strconv.Atoi(port) @@ -180,6 +262,9 @@ func (conn *ConnectionSet) ContainedIn(other *ConnectionSet) bool { return false } for protocol, ports := range conn.AllowedProtocols { + if ports.IsEmpty() { + continue // empty port set might exist due to preserving data for explainability + } otherPorts, ok := other.AllowedProtocols[protocol] if !ok { return false @@ -193,12 +278,15 @@ func (conn *ConnectionSet) ContainedIn(other *ConnectionSet) bool { // AddConnection updates current ConnectionSet object with new allowed connection func (conn *ConnectionSet) AddConnection(protocol v1.Protocol, ports *PortSet) { - if ports.IsEmpty() { + if ports.IsUnfilled() { + // The return below is only when 'ports' is syntactically empty; + // In the case of a hole (semantically empty set), we do want to add it + // in order to keep the explanation data return } connPorts, ok := conn.AllowedProtocols[protocol] if ok { - connPorts.Union(ports) + connPorts.Union(ports, true) } else { conn.AllowedProtocols[protocol] = ports.Copy() } @@ -207,13 +295,15 @@ func (conn *ConnectionSet) AddConnection(protocol v1.Protocol, ports *PortSet) { // String returns a string representation of the ConnectionSet object func (conn *ConnectionSet) String() string { if conn.AllowAll { - return allConnsStr + return AllConnsStr } else if conn.IsEmpty() { - return noConnsStr + return NoConnsStr } resStrings := []string{} for protocol, ports := range conn.AllowedProtocols { - resStrings = append(resStrings, protocolAndPortsStr(protocol, ports.String())) + if portsString := ports.String(); portsString != "" { + resStrings = append(resStrings, protocolAndPortsStr(protocol, portsString)) + } } sort.Strings(resStrings) return strings.Join(resStrings, ",") @@ -224,11 +314,13 @@ func (conn *ConnectionSet) Equal(other *ConnectionSet) bool { if conn.AllowAll != other.AllowAll { return false } - if len(conn.AllowedProtocols) != len(other.AllowedProtocols) { + connCanonical := conn.GetEquivalentCanonicalConnectionSet() + otherCanonical := other.GetEquivalentCanonicalConnectionSet() + if len(connCanonical.AllowedProtocols) != len(otherCanonical.AllowedProtocols) { return false } - for protocol, ports := range conn.AllowedProtocols { - otherPorts, ok := other.AllowedProtocols[protocol] + for protocol, ports := range connCanonical.AllowedProtocols { + otherPorts, ok := otherCanonical.AllowedProtocols[protocol] if !ok { return false } @@ -246,14 +338,15 @@ func (conn *ConnectionSet) Copy() *ConnectionSet { for protocol, portSet := range conn.AllowedProtocols { res.AllowedProtocols[protocol] = portSet.Copy() } + res.CommonImplyingRules = conn.CommonImplyingRules.Copy() return res } -// GetNamedPorts returns map from protocol to list of its allowed named ports -func (conn *ConnectionSet) GetNamedPorts() map[v1.Protocol][]string { - res := make(map[v1.Protocol][]string, 0) +// GetNamedPorts returns map from protocol to its allowed named ports (including ImplyingRules info) +func (conn *ConnectionSet) GetNamedPorts() map[v1.Protocol]NamedPortsType { + res := make(map[v1.Protocol]NamedPortsType, 0) for protocol, portSet := range conn.AllowedProtocols { - if namedPorts := portSet.GetNamedPortsKeys(); len(namedPorts) > 0 { + if namedPorts := portSet.GetNamedPorts(); len(namedPorts) > 0 { res[protocol] = namedPorts } } @@ -262,43 +355,73 @@ func (conn *ConnectionSet) GetNamedPorts() map[v1.Protocol][]string { // ReplaceNamedPortWithMatchingPortNum : replacing given namedPort with the matching given port num in the connection // if port num is -1; just deletes the named port from the protocol's list -func (conn *ConnectionSet) ReplaceNamedPortWithMatchingPortNum(protocol v1.Protocol, namedPort string, portNum int32) { +func (conn *ConnectionSet) ReplaceNamedPortWithMatchingPortNum(protocol v1.Protocol, namedPort string, portNum int32, + implyingRules ImplyingRulesType) { protocolPortSet := conn.AllowedProtocols[protocol] if portNum != NoPort { - protocolPortSet.AddPort(intstr.FromInt32(portNum)) + protocolPortSet.AddPort(intstr.FromInt32(portNum), implyingRules) } // after adding the portNum to the protocol's portSet; remove the port name protocolPortSet.RemovePort(intstr.FromString(namedPort)) } -// portRange implements the PortRange interface -type portRange struct { - Interval interval.Interval +// PortRangeData implements the PortRange interface +type PortRangeData struct { + Interval AugmentedInterval +} + +func (p *PortRangeData) Start() int64 { + return p.Interval.interval.Start() } -func (p *portRange) Start() int64 { - return p.Interval.Start() +func (p *PortRangeData) End() int64 { + return p.Interval.interval.End() } -func (p *portRange) End() int64 { - return p.Interval.End() +func (p *PortRangeData) isWholeRange() bool { + return p.Start() == MinPort && p.End() == MaxPort } -func (p *portRange) String() string { - if p.Interval.End() != p.Interval.Start() { +func (p PortRangeData) Equal(other PortRangeData) bool { + return p.Interval.Equal(other.Interval) +} + +func (p *PortRangeData) String() string { + if p.isWholeRange() { + return allPortsStr + } + if p.End() != p.Start() { return fmt.Sprintf("%d-%d", p.Start(), p.End()) } return fmt.Sprintf("%d", p.Start()) } +func explOfInSetProtocolPortsAndRules(inSet bool, protocolString, portsString, rulesString string) string { + resultStr := allowResultStr + if !inSet { + resultStr = denyResultStr + } + return resultStr + SpaceSeparator + protocolString + ":" + "[" + portsString + "]" + rulesString +} + +func (p *PortRangeData) StringWithExplanation(protocolString string) string { + return explOfInSetProtocolPortsAndRules(p.InSet(), protocolString, p.String(), p.Interval.implyingRules.String()) +} + +func (p *PortRangeData) InSet() bool { + return p.Interval.inSet +} + // ProtocolsAndPortsMap() returns a map from allowed protocol to list of allowed ports ranges. -func (conn *ConnectionSet) ProtocolsAndPortsMap() map[v1.Protocol][]PortRange { +func (conn *ConnectionSet) ProtocolsAndPortsMap(includeDeniedPorts bool) map[v1.Protocol][]PortRange { res := make(map[v1.Protocol][]PortRange, 0) for protocol, portSet := range conn.AllowedProtocols { res[protocol] = make([]PortRange, 0) // TODO: consider leave the slice of ports empty if portSet covers the full range for _, v := range portSet.Ports.Intervals() { - res[protocol] = append(res[protocol], &portRange{Interval: v}) + if includeDeniedPorts || v.inSet { + res[protocol] = append(res[protocol], &PortRangeData{Interval: v}) + } } } return res @@ -311,24 +434,26 @@ func (conn *ConnectionSet) IsAllConnections() bool { const ( connsAndPortRangeSeparator = "," - allConnsStr = "All Connections" - noConnsStr = "No Connections" + AllConnsStr = "All Connections" + NoConnsStr = "No Connections" + allPortsStr = "ALL PORTS" ) func ConnStrFromConnProperties(allProtocolsAndPorts bool, protocolsAndPorts map[v1.Protocol][]PortRange) string { if allProtocolsAndPorts { - return allConnsStr + return AllConnsStr } if len(protocolsAndPorts) == 0 { - return noConnsStr + return NoConnsStr } var connStr string // connStrings will contain the string of given conns protocols and ports as is - connStrings := make([]string, len(protocolsAndPorts)) - index := 0 + connStrings := make([]string, 0, len(protocolsAndPorts)) for protocol, ports := range protocolsAndPorts { - connStrings[index] = protocolAndPortsStr(protocol, portsString(ports)) - index++ + if thePortsStr := portsString(ports); thePortsStr != "" { + // thePortsStr might be empty if 'ports' does not contain 'InSet' ports + connStrings = append(connStrings, protocolAndPortsStr(protocol, thePortsStr)) + } } sort.Strings(connStrings) connStr = strings.Join(connStrings, connsAndPortRangeSeparator) @@ -336,14 +461,97 @@ func ConnStrFromConnProperties(allProtocolsAndPorts bool, protocolsAndPorts map[ } // get string representation for a list of port ranges +// return a canonical form (longest in-set ranges) func portsString(ports []PortRange) string { - portsStr := make([]string, len(ports)) + portsStr := make([]string, 0, len(ports)) + currInterval := interval.New(0, -1) // an empty interval for i := range ports { - portsStr[i] = ports[i].String() + if ports[i].(*PortRangeData).InSet() { + if currInterval.IsEmpty() { + currInterval = interval.New(ports[i].Start(), ports[i].End()) + } else { // the intervals are consequent, i.e., currInterval.End()+1 == ports[i].Start() + currInterval = interval.New(currInterval.Start(), ports[i].End()) // extend the interval + } + } else if !currInterval.IsEmpty() { + portsStr = append(portsStr, currInterval.ShortString()) + currInterval = interval.New(0, -1) + } + } + if !currInterval.IsEmpty() { + portsStr = append(portsStr, currInterval.ShortString()) } return strings.Join(portsStr, connsAndPortRangeSeparator) } +type InSetAndRulesStr struct { + inSet bool + rulesString string +} + +func portsStringWithExplanation(ports []PortRange, protocolString string) []string { + // for compact explanation: collect together ranges with the same 'inSet' and impying rules + portRangeClasses := map[InSetAndRulesStr]*interval.CanonicalSet{} + for i := range ports { + portRangeData := ports[i].(*PortRangeData) + thisInSetAndRulesStr := InSetAndRulesStr{portRangeData.Interval.inSet, portRangeData.Interval.implyingRules.String()} + _, ok := portRangeClasses[thisInSetAndRulesStr] + if !ok { + portRangeClasses[thisInSetAndRulesStr] = interval.NewCanonicalSet() + } + portRangeClasses[thisInSetAndRulesStr].AddInterval(portRangeData.Interval.interval) + } + portsStr := make([]string, len(portRangeClasses)) + ind := 0 + for inSetAndRulesStr, intervals := range portRangeClasses { + portsStr[ind] = explOfInSetProtocolPortsAndRules(inSetAndRulesStr.inSet, protocolString, + intervals.String(), inSetAndRulesStr.rulesString) + ind++ + } + sort.Strings(portsStr) + return portsStr +} + func protocolAndPortsStr(protocol v1.Protocol, ports string) string { - return string(protocol) + " " + ports + return string(protocol) + SpaceSeparator + ports +} + +func isWholeRange(ports []PortRange) bool { + return len(ports) == 1 && ports[0].(*PortRangeData).isWholeRange() +} + +func ExplanationFromConnProperties(allProtocolsAndPorts bool, commonImplyingRules ImplyingRulesType, + protocolsAndPorts map[v1.Protocol][]PortRange) string { + if len(protocolsAndPorts) == 0 { + connStr := NoConnsStr + if allProtocolsAndPorts { + connStr = AllConnsStr + } + return connStr + commonImplyingRules.String() + } + var connStr string + // connStrings will contain the string of given conns protocols and ports as is + connStrings := make([]string, 0, len(protocolsAndPorts)) + // for compact explanation: pick all protocols containing the whole port range + wholeCommonRange := PortRangeData{} + wholeRangeProtocols := make([]string, 0, len(protocolsAndPorts)) + for protocol, ports := range protocolsAndPorts { + if isWholeRange(ports) { + if len(wholeRangeProtocols) == 0 { + wholeCommonRange = *ports[0].(*PortRangeData) + wholeRangeProtocols = append(wholeRangeProtocols, string(protocol)) + continue + } else if ports[0].(*PortRangeData).Equal(wholeCommonRange) { + wholeRangeProtocols = append(wholeRangeProtocols, string(protocol)) + continue + } + } + connStrings = append(connStrings, portsStringWithExplanation(ports, string(protocol))...) + } + if len(wholeRangeProtocols) > 0 { + sort.Strings(wholeRangeProtocols) + connStrings = append(connStrings, wholeCommonRange.StringWithExplanation("{"+strings.Join(wholeRangeProtocols, ",")+"}")) + } + sort.Strings(connStrings) + connStr = strings.Join(connStrings, NewLine) + return connStr } diff --git a/pkg/netpol/internal/common/portset.go b/pkg/netpol/internal/common/portset.go index 91158714..02820e14 100644 --- a/pkg/netpol/internal/common/portset.go +++ b/pkg/netpol/internal/common/portset.go @@ -12,8 +12,6 @@ import ( "strings" "k8s.io/apimachinery/pkg/util/intstr" - - "github.com/np-guard/models/pkg/interval" ) const ( @@ -22,95 +20,139 @@ const ( MaxPort int64 = 65535 ) +type NamedPortsType map[string]ImplyingRulesType + +func portNames(ports NamedPortsType) []string { + res := []string{} + for p := range ports { + res = append(res, p) + } + return res +} + // PortSet: represents set of allowed ports in a connection type PortSet struct { - Ports *interval.CanonicalSet - NamedPorts map[string]bool - ExcludedNamedPorts map[string]bool + Ports *AugmentedCanonicalSet // ports, augmented with implying rules data (used for explainability) + // NamedPorts/ExcludedNamedPorts is a map from a port name to implying rule names (used for explainnability) + // When not running with explainability, existing (excluded)named ports will be represented by a mapping + // from a port name to an empty implying rules holder + NamedPorts NamedPortsType + ExcludedNamedPorts NamedPortsType } // MakePortSet: return a new PortSet object, with all ports or no ports allowed func MakePortSet(all bool) *PortSet { - if all { - return &PortSet{Ports: interval.New(MinPort, MaxPort).ToSet(), - NamedPorts: map[string]bool{}, - ExcludedNamedPorts: map[string]bool{}, - } + return &PortSet{Ports: NewAugmentedCanonicalSet(MinPort, MaxPort, all), + NamedPorts: NamedPortsType{}, + ExcludedNamedPorts: NamedPortsType{}, } - return &PortSet{Ports: interval.NewCanonicalSet(), - NamedPorts: map[string]bool{}, - ExcludedNamedPorts: map[string]bool{}, +} + +func MakeAllPortSetWithImplyingRules(rules ImplyingRulesType) *PortSet { + return &PortSet{Ports: NewAugmentedCanonicalSetWithRules(MinPort, MaxPort, true, rules), + NamedPorts: NamedPortsType{}, + ExcludedNamedPorts: NamedPortsType{}, + } +} + +func MakeEmptyPortSetWithImplyingRules(rules ImplyingRulesType) *PortSet { + return &PortSet{Ports: NewAugmentedCanonicalSetWithRules(MinPort, MaxPort, false, rules), + NamedPorts: NamedPortsType{}, + ExcludedNamedPorts: NamedPortsType{}, } } +func (p *PortSet) RemoveDefaultRule(isIngress bool) { + p.Ports.RemoveDefaultRule(isIngress) +} + // Equal: return true if current object equals another PortSet object func (p *PortSet) Equal(other *PortSet) bool { - return p.Ports.Equal(other.Ports) && reflect.DeepEqual(p.NamedPorts, other.NamedPorts) && - reflect.DeepEqual(p.ExcludedNamedPorts, other.ExcludedNamedPorts) + return p.Ports.Equal(other.Ports) && reflect.DeepEqual(portNames(p.NamedPorts), portNames(other.NamedPorts)) && + reflect.DeepEqual(portNames(p.ExcludedNamedPorts), portNames(other.ExcludedNamedPorts)) } -// IsEmpty: return true if current object is empty (no ports allowed) +// IsEmpty: return true if current PortSet is semantically empty (no ports allowed) func (p *PortSet) IsEmpty() bool { return p.Ports.IsEmpty() && len(p.NamedPorts) == 0 } +// Unfilled: return true if current PortSet is syntactically empty +func (p *PortSet) IsUnfilled() bool { + return p.Ports.IsUnfilled() && len(p.NamedPorts) == 0 +} + // Copy: return a new copy of a PortSet object func (p *PortSet) Copy() *PortSet { res := MakePortSet(false) res.Ports = p.Ports.Copy() for k, v := range p.NamedPorts { - res.NamedPorts[k] = v + res.NamedPorts[k] = v.Copy() } for k, v := range p.ExcludedNamedPorts { - res.ExcludedNamedPorts[k] = v + res.ExcludedNamedPorts[k] = v.Copy() } return res } // AddPort: update current PortSet object with new added port as allowed -func (p *PortSet) AddPort(port intstr.IntOrString) { +func (p *PortSet) AddPort(port intstr.IntOrString, implyingRules ImplyingRulesType) { if port.Type == intstr.String { - p.NamedPorts[port.StrVal] = true + if _, ok := p.NamedPorts[port.StrVal]; !ok { + p.NamedPorts[port.StrVal] = InitImplyingRules() + } + p.NamedPorts[port.StrVal] = p.NamedPorts[port.StrVal].Update(implyingRules, false, NeverCollectRules) delete(p.ExcludedNamedPorts, port.StrVal) } else { - p.Ports.AddInterval(interval.New(int64(port.IntVal), int64(port.IntVal))) + p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRules(int64(port.IntVal), int64(port.IntVal), + true, implyingRules), NeverCollectRules) } } // RemovePort: update current PortSet object with removing input port from allowed ports func (p *PortSet) RemovePort(port intstr.IntOrString) { if port.Type == intstr.String { + p.ExcludedNamedPorts[port.StrVal] = p.NamedPorts[port.StrVal] delete(p.NamedPorts, port.StrVal) - p.ExcludedNamedPorts[port.StrVal] = true } else { - p.Ports.AddHole(interval.New(int64(port.IntVal), int64(port.IntVal))) + p.Ports.AddAugmentedInterval(NewAugmentedInterval(int64(port.IntVal), int64(port.IntVal), false), NeverCollectRules) } } // AddPortRange: update current PortSet object with new added port range as allowed -func (p *PortSet) AddPortRange(minPort, maxPort int64) { - p.Ports.AddInterval(interval.New(minPort, maxPort)) +func (p *PortSet) AddPortRange(minPort, maxPort int64, inSet bool, fromRule string, layer LayerType, isIngress bool) { + p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRule(minPort, maxPort, inSet, fromRule, layer, isIngress), NeverCollectRules) } // Union: update current PortSet object with union of input PortSet object -func (p *PortSet) Union(other *PortSet) { - p.Ports = p.Ports.Union(other.Ports) +// Note: this function is not symmetrical regarding the update of implying rules: +// - for ports that get changed in 'p', it overrides implying rules of 'p' by those of 'other'; +// - for unchanged ports it updates implying rules of 'p' according to 'collectSameInclusionRules' +// (collecting when true, overriding by priority otherwise) +func (p *PortSet) Union(other *PortSet, collectSameInclusionRules bool) { + p.Ports = p.Ports.Union(other.Ports, collectSameInclusionRules) // union current namedPorts with other namedPorts, and delete other namedPorts from current excludedNamedPorts for k, v := range other.NamedPorts { - p.NamedPorts[k] = v + if _, ok := p.NamedPorts[k]; !ok { + // this named port was not in p --> take implying rules from other + p.NamedPorts[k] = v.Copy() + } delete(p.ExcludedNamedPorts, k) } // add excludedNamedPorts from other to current excludedNamedPorts if they are not in united p.NamedPorts for k, v := range other.ExcludedNamedPorts { - if !p.NamedPorts[k] { - p.ExcludedNamedPorts[k] = v + if _, ok := p.NamedPorts[k]; !ok { + if _, ok := p.ExcludedNamedPorts[k]; !ok { + // this exluded named port was not excluded in p --> take implying rules from other + p.ExcludedNamedPorts[k] = v.Copy() + } } } } // ContainedIn: return true if current PortSet object is contained in input PortSet object func (p *PortSet) ContainedIn(other *PortSet) bool { - return p.Ports.IsSubset(other.Ports) + return p.Ports.ContainedIn(other.Ports) } // Intersection: update current PortSet object as intersection with input PortSet object @@ -124,7 +166,6 @@ func (p *PortSet) IsAll() bool { } const comma = "," -const emptyStr = "Empty" // String: return string representation of current PortSet func (p *PortSet) String() string { @@ -132,10 +173,7 @@ func (p *PortSet) String() string { if len(p.NamedPorts) > 0 { sortedNamedPorts := p.GetNamedPortsKeys() sort.Strings(sortedNamedPorts) - // if p.Ports is empty but p.NamedPorts is not: start a new string - if res == emptyStr { - res = "" - } else { + if res != "" { res += comma } res += strings.Join(sortedNamedPorts, comma) @@ -148,7 +186,12 @@ func (p *PortSet) Contains(port int64) bool { return p.Ports.Contains(port) } -// GetNamedPortsKeys returns the named ports of current portSet +// GetNamedPorts returns the named ports of the current PortSet +func (p *PortSet) GetNamedPorts() NamedPortsType { + return p.NamedPorts +} + +// GetNamedPortsKeys returns the named ports names of the current PortSet func (p *PortSet) GetNamedPortsKeys() []string { res := make([]string, len(p.NamedPorts)) index := 0 @@ -162,14 +205,19 @@ func (p *PortSet) GetNamedPortsKeys() []string { // subtract: updates current portSet with the result of subtracting the given portSet from it func (p *PortSet) subtract(other *PortSet) { p.Ports = p.Ports.Subtract(other.Ports) - p.subtractNamedPorts(other.NamedPorts) + // delete other named ports from current portSet's named ports map + // and add the deleted named ports to excluded named ports map + for k, v := range other.NamedPorts { + if _, ok := p.ExcludedNamedPorts[k]; !ok { + p.ExcludedNamedPorts[k] = InitImplyingRules() + } + p.ExcludedNamedPorts[k] = p.ExcludedNamedPorts[k].Update(v, false, NeverCollectRules) + delete(p.NamedPorts, k) + } } -// subtractNamedPorts: deletes given named ports from current portSet's named ports map -// and adds the deleted named ports to excluded named ports map -func (p *PortSet) subtractNamedPorts(otherNamedPorts map[string]bool) { - for namedPort := range otherNamedPorts { - delete(p.NamedPorts, namedPort) - p.ExcludedNamedPorts[namedPort] = true - } +func (p *PortSet) GetEquivalentCanonicalPortSet() *PortSet { + res := p.Copy() + res.Ports = p.Ports.GetEquivalentCanonicalAugmentedSet() + return res } diff --git a/test_outputs/connlist/acs-security-demos_explain_output.txt b/test_outputs/connlist/acs-security-demos_explain_output.txt new file mode 100644 index 00000000..d2b8d7a6 --- /dev/null +++ b/test_outputs/connlist/acs-security-demos_explain_output.txt @@ -0,0 +1,2609 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/catalog[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/notification[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/notification-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/recommendation[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/reports[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/shipping[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/gateway[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/mastercard-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/visa-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/catalog[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/catalog-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/checkout[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/notification[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/reports[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/shipping[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/gateway[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/mastercard-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/visa-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/catalog[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/catalog-netpol // Ingress rule #2 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/checkout[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/notification[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/recommendation[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Ingress rule #2 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/shipping[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => payments/gateway[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => payments/mastercard-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => payments/visa-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/catalog[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/checkout[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/notification[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/recommendation[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol // Ingress rule #3 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/reports[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/shipping[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/shipping-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/gateway[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/mastercard-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/visa-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/catalog[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/checkout[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/notification[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/recommendation[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/reports[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/shipping[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => payments/mastercard-processor[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] payments/mastercard-processor-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => payments/visa-processor[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] payments/visa-processor-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol // Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => frontend/asset-cache[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] frontend/asset-cache // service asset-cache-service + 2) [NP] frontend/asset-cache-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] frontend/asset-cache // service asset-cache-service (ports not referenced) + 2) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] frontend/asset-cache // service asset-cache-service (protocols not referenced) + 2) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => frontend/webapp[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] frontend/webapp // service webapp-service + 2) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] frontend/webapp // service webapp-service (ports not referenced) + 2) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 3) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] frontend/webapp // service webapp-service (protocols not referenced) + 2) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 3) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/asset-cache[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/webapp[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress (captured but not selected by any Egress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + diff --git a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt new file mode 100644 index 00000000..20571812 --- /dev/null +++ b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt @@ -0,0 +1,64 @@ + +##################################### +# All Connections and their reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.170-104.154.164.170: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-peer-1 // Egress rule allow-egress (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns3/pod1[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-peer-1 // Egress rule allow-egress (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.160-104.154.164.160: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-peer-1 // Egress rule deny-egress (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns2/pod1[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-peer-1 // Egress rule deny-egress (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => ns1/pod1[Deployment] +0.0.0.0-255.255.255.255 => ns2/pod1[Deployment] +0.0.0.0-255.255.255.255 => ns3/pod1[Deployment] +ns1/pod1[Deployment] => 0.0.0.0-104.154.164.159 +ns1/pod1[Deployment] => 104.154.164.161-104.154.164.169 +ns1/pod1[Deployment] => 104.154.164.171-255.255.255.255 +ns2/pod1[Deployment] => 0.0.0.0-104.154.164.159 +ns2/pod1[Deployment] => 104.154.164.160-104.154.164.160 +ns2/pod1[Deployment] => 104.154.164.161-104.154.164.169 +ns2/pod1[Deployment] => 104.154.164.170-104.154.164.170 +ns2/pod1[Deployment] => 104.154.164.171-255.255.255.255 +ns2/pod1[Deployment] => ns1/pod1[Deployment] +ns2/pod1[Deployment] => ns3/pod1[Deployment] +ns3/pod1[Deployment] => 0.0.0.0-104.154.164.159 +ns3/pod1[Deployment] => 104.154.164.160-104.154.164.160 +ns3/pod1[Deployment] => 104.154.164.161-104.154.164.169 +ns3/pod1[Deployment] => 104.154.164.170-104.154.164.170 +ns3/pod1[Deployment] => 104.154.164.171-255.255.255.255 +ns3/pod1[Deployment] => ns1/pod1[Deployment] +ns3/pod1[Deployment] => ns2/pod1[Deployment] diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt new file mode 100644 index 00000000..6d7d7ca0 --- /dev/null +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -0,0 +1,109 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: + +ALLOWED TCP:[1234] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + +ALLOWED TCP:[9001-65535] the system default (Allow all) + +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + +DENIED TCP:[1-1233,1235-8079,8081-9000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [BANP] default // Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) + 2) [BANP] default // Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: + +ALLOWED TCP:[1-1233,1235-65535] the system default (Allow all) + +ALLOWED TCP:[1234] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: + +ALLOWED TCP:[1-1233,1235-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring // Ingress rule #1 + +ALLOWED TCP:[1234] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) + 2) [NP] foo/allow-monitoring // Ingress rule #1 + +ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring // Ingress rule #1 + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => bar/mybar[Pod] +0.0.0.0-255.255.255.255 => baz/mybaz[Pod] +0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] +bar/mybar[Pod] => 0.0.0.0-255.255.255.255 +bar/mybar[Pod] => baz/mybaz[Pod] +bar/mybar[Pod] => monitoring/mymonitoring[Pod] +baz/mybaz[Pod] => 0.0.0.0-255.255.255.255 +baz/mybaz[Pod] => bar/mybar[Pod] +baz/mybaz[Pod] => monitoring/mymonitoring[Pod] +foo/myfoo[Pod] => 0.0.0.0-255.255.255.255 +foo/myfoo[Pod] => bar/mybar[Pod] +foo/myfoo[Pod] => baz/mybaz[Pod] +foo/myfoo[Pod] => monitoring/mymonitoring[Pod] +monitoring/mymonitoring[Pod] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt new file mode 100644 index 00000000..56812775 --- /dev/null +++ b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt @@ -0,0 +1,90 @@ + +##################################### +# All Connections and their reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring (Allow) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring (Pass) + 2) [NP] foo/allow-monitoring // Ingress rule #1 + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN baz/mybaz[Pod] => bar/mybar[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [BANP] default // Ingress rule deny-ingress-from-all-namespaces (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN foo/myfoo[Pod] => bar/mybar[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [BANP] default // Ingress rule deny-ingress-from-all-namespaces (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring (Pass) + 2) [BANP] default // Ingress rule deny-ingress-from-all-namespaces (Deny) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => bar/mybar[Pod] +0.0.0.0-255.255.255.255 => baz/mybaz[Pod] +0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] +bar/mybar[Pod] => 0.0.0.0-255.255.255.255 +bar/mybar[Pod] => baz/mybaz[Pod] +bar/mybar[Pod] => monitoring/mymonitoring[Pod] +baz/mybaz[Pod] => 0.0.0.0-255.255.255.255 +baz/mybaz[Pod] => monitoring/mymonitoring[Pod] +foo/myfoo[Pod] => 0.0.0.0-255.255.255.255 +foo/myfoo[Pod] => baz/mybaz[Pod] +foo/myfoo[Pod] => monitoring/mymonitoring[Pod] +monitoring/mymonitoring[Pod] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt new file mode 100644 index 00000000..19509233 --- /dev/null +++ b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt @@ -0,0 +1,45 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: + +ALLOWED TCP:[80] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-example // Ingress rule allow-ingress-from-slytherin-on-named-port (Allow) + +DENIED TCP:[1-79,81-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-example // Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [BANP] default // Ingress rule deny-all-ingress-from-slytherin (Deny) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-example // Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [BANP] default // Ingress rule deny-all-ingress-from-slytherin (Deny) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] pass-example // Egress rule pass-all-egress-to-slytherin (Pass) + 2) [BANP] default // Egress rule deny-all-egress-to-slytherin (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt new file mode 100644 index 00000000..4283448e --- /dev/null +++ b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt @@ -0,0 +1,30 @@ + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] pass-example // Egress rule pass-all-egress-to-slytherin (Pass) + 2) [BANP] default // Egress rule deny-all-egress-to-slytherin (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-example // Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [BANP] default // Ingress rule deny-all-ingress-from-slytherin (Deny) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_demo_explain_output.txt b/test_outputs/connlist/anp_demo_explain_output.txt new file mode 100644 index 00000000..24a5cc53 --- /dev/null +++ b/test_outputs/connlist/anp_demo_explain_output.txt @@ -0,0 +1,239 @@ + +##################################### +# All Connections and their reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => gryffindor/harry-potter[StatefulSet]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] anp-priority-10 // Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor // Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] ingress-to-hufflepuff // Ingress rule pass-from-slytherin (Pass) + 2) the system default (Allow all) + + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: + +ALLOWED SCTP:[9003] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor // Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor // Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +ALLOWED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor // Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED SCTP:[1-9002,9004-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-hufflepuff-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-hufflepuff-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED UDP:[1-52,54-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-hufflepuff-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-hufflepuff-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] ingress-to-hufflepuff // Ingress rule allow-from-gryffindor-at-port-53 (Allow) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: + +ALLOWED UDP:[52] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] ingress-to-ravenclaw // Ingress rule pass-from-gryffindor-everything (Pass) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 + +DENIED UDP:[1-51,53-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] ingress-to-ravenclaw // Ingress rule pass-from-gryffindor-everything (Pass) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] ingress-to-ravenclaw // Ingress rule pass-from-gryffindor-everything (Pass) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: + +ALLOWED SCTP:[1-9002,9004-65535] the system default (Allow all) + +ALLOWED TCP:[1-79,81-65535] the system default (Allow all) + +ALLOWED UDP:[1-52,54-65535] the system default (Allow all) + +DENIED SCTP:[9003] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED TCP:[80] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => gryffindor/harry-potter[StatefulSet]: + +ALLOWED SCTP:[9003] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor // Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) + +ALLOWED TCP:[80] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor // Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) + +ALLOWED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor // Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) + +DENIED SCTP:[1-9002,9004-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Ingress rule deny-from-hufflepuff-everything-else (Deny) + +DENIED TCP:[1-79,81-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Ingress rule deny-from-hufflepuff-everything-else (Deny) + +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor // Ingress rule deny-from-hufflepuff-everything-else (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: + +ALLOWED TCP:[1-79,81-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 + +DENIED TCP:[80] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] ingress-to-ravenclaw // Ingress rule deny-from-slytherin-at-port-80 (Deny) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 (protocols not referenced) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => gryffindor/harry-potter[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => ravenclaw/luna-lovegood[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [BANP] default // Ingress rule deny-all-ingress-from-hufflepuff (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => gryffindor/harry-potter[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor // Ingress rule allow-from-ravenclaw-everything (Allow) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => hufflepuff/cedric-diggory[StatefulSet] +0.0.0.0-255.255.255.255 => slytherin/draco-malfoy[StatefulSet] +gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 +hufflepuff/cedric-diggory[StatefulSet] => 0.0.0.0-255.255.255.255 +slytherin/draco-malfoy[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_test_10_explain_output.txt b/test_outputs/connlist/anp_test_10_explain_output.txt new file mode 100644 index 00000000..d6a4ea92 --- /dev/null +++ b/test_outputs/connlist/anp_test_10_explain_output.txt @@ -0,0 +1,67 @@ + +##################################### +# All Connections and their reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-udp // Egress rule allow-to-ravenclaw-everything (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-udp // Egress rule allow-to-gryffindor-at-port-53 (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-udp // Egress rule deny-to-gryffindor-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-udp // Egress rule deny-to-gryffindor-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: + +ALLOWED UDP:[1-5352,5354-65535] the system default (Allow all) + +ALLOWED {SCTP,TCP}:[ALL PORTS] the system default (Allow all) + +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-udp // Egress rule deny-to-slytherin-at-port-5353 (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] +network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] diff --git a/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt b/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt new file mode 100644 index 00000000..81dc3401 --- /dev/null +++ b/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt @@ -0,0 +1,74 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => helloworld/hello-world[Deployment]: + +ALLOWED TCP:[8000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] helloworld/hello-world // service hello-world + +DENIED TCP:[1-7999,8001-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] helloworld/hello-world // service hello-world (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] helloworld/hello-world // service hello-world (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => ingressworld/ingress-world[Deployment]: + +ALLOWED TCP:[8090] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] ingressworld/ingress-world // service ingress-world + +DENIED TCP:[1-8089,8091-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] ingressworld/ingress-world // service ingress-world (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] ingressworld/ingress-world // service ingress-world (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => routeworld/route-world[Deployment]: + +ALLOWED TCP:[8060] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] routeworld/route-world // service route-world + +DENIED TCP:[1-8059,8061-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] routeworld/route-world // service route-world (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] routeworld/route-world // service route-world (protocols not referenced) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => helloworld/hello-world[Deployment] +0.0.0.0-255.255.255.255 => ingressworld/ingress-world[Deployment] +0.0.0.0-255.255.255.255 => routeworld/route-world[Deployment] +helloworld/hello-world[Deployment] => 0.0.0.0-255.255.255.255 +helloworld/hello-world[Deployment] => ingressworld/ingress-world[Deployment] +helloworld/hello-world[Deployment] => routeworld/route-world[Deployment] +ingressworld/ingress-world[Deployment] => 0.0.0.0-255.255.255.255 +ingressworld/ingress-world[Deployment] => helloworld/hello-world[Deployment] +ingressworld/ingress-world[Deployment] => routeworld/route-world[Deployment] +routeworld/route-world[Deployment] => 0.0.0.0-255.255.255.255 +routeworld/route-world[Deployment] => helloworld/hello-world[Deployment] +routeworld/route-world[Deployment] => ingressworld/ingress-world[Deployment] diff --git a/test_outputs/connlist/ipblockstest_explain_output.txt b/test_outputs/connlist/ipblockstest_explain_output.txt new file mode 100644 index 00000000..fa1471b2 --- /dev/null +++ b/test_outputs/connlist/ipblockstest_explain_output.txt @@ -0,0 +1,2302 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/calico-node-tier[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/calico-node-tier[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/calico-node-tier[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/calico-node-tier[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-9.255.255.255 => default/cognetive-agents-agent[DaemonSet] +0.0.0.0-9.255.255.255 => default/cognetive-agents-analyzer[DaemonSet] +0.0.0.0-9.255.255.255 => default/cognetive-agents[DaemonSet] +0.0.0.0-9.255.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +0.0.0.0-9.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +0.0.0.0-9.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system/calico-node[DaemonSet] +0.0.0.0-9.255.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +0.0.0.0-9.255.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +10.0.0.0-10.255.255.255 => default/cognetive-agents-agent[DaemonSet] +10.0.0.0-10.255.255.255 => default/cognetive-agents-analyzer[DaemonSet] +10.0.0.0-10.255.255.255 => default/cognetive-agents[DaemonSet] +10.0.0.0-10.255.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +10.0.0.0-10.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +10.0.0.0-10.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system/calico-node[DaemonSet] +10.0.0.0-10.255.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +10.0.0.0-10.255.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +11.0.0.0-172.20.255.255 => default/cognetive-agents-agent[DaemonSet] +11.0.0.0-172.20.255.255 => default/cognetive-agents-analyzer[DaemonSet] +11.0.0.0-172.20.255.255 => default/cognetive-agents[DaemonSet] +11.0.0.0-172.20.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +11.0.0.0-172.20.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +11.0.0.0-172.20.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system/calico-node[DaemonSet] +11.0.0.0-172.20.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +172.21.0.0-172.21.255.255 => default/cognetive-agents-agent[DaemonSet] +172.21.0.0-172.21.255.255 => default/cognetive-agents-analyzer[DaemonSet] +172.21.0.0-172.21.255.255 => default/cognetive-agents[DaemonSet] +172.21.0.0-172.21.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +172.21.0.0-172.21.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +172.21.0.0-172.21.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system/calico-node[DaemonSet] +172.21.0.0-172.21.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +172.21.0.0-172.21.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +172.22.0.0-172.29.255.255 => default/cognetive-agents-agent[DaemonSet] +172.22.0.0-172.29.255.255 => default/cognetive-agents-analyzer[DaemonSet] +172.22.0.0-172.29.255.255 => default/cognetive-agents[DaemonSet] +172.22.0.0-172.29.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +172.22.0.0-172.29.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +172.22.0.0-172.29.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system/calico-node[DaemonSet] +172.22.0.0-172.29.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +172.30.0.0-172.30.255.255 => default/cognetive-agents-agent[DaemonSet] +172.30.0.0-172.30.255.255 => default/cognetive-agents-analyzer[DaemonSet] +172.30.0.0-172.30.255.255 => default/cognetive-agents[DaemonSet] +172.30.0.0-172.30.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +172.30.0.0-172.30.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +172.30.0.0-172.30.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system/calico-node[DaemonSet] +172.30.0.0-172.30.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +172.30.0.0-172.30.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +172.31.0.0-255.255.255.255 => default/cognetive-agents-agent[DaemonSet] +172.31.0.0-255.255.255.255 => default/cognetive-agents-analyzer[DaemonSet] +172.31.0.0-255.255.255.255 => default/cognetive-agents[DaemonSet] +172.31.0.0-255.255.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +172.31.0.0-255.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +172.31.0.0-255.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system/calico-node[DaemonSet] +172.31.0.0-255.255.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cognetive-agents-agent[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => default/cognetive-agents[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cognetive-agents-analyzer[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => default/cognetive-agents[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +default/cognetive-agents[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cognetive-agents[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +default/cognetive-agents[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +default/cognetive-agents[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +default/cognetive-agents[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +default/cognetive-agents[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cognetive-agents[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +default/cognetive-agents[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => 0.0.0.0-255.255.255.255 +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => default/cognetive-agents[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/calico-node[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => 0.0.0.0-255.255.255.255 +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => default/cognetive-agents[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/calico-node[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => 0.0.0.0-255.255.255.255 +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => default/cognetive-agents[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/calico-node[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/calico-node-tier[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/calico-node[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/calico-node[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/calico-node[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/calico-node[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-keepalived-watcher[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-kube-fluentd[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/vpn-858f6d9777[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] diff --git a/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt b/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt new file mode 100644 index 00000000..9c689fe0 --- /dev/null +++ b/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt @@ -0,0 +1,657 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productpage-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/ratings-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productpage-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/ratings-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productpage-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/ratings-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/details-v1-79f774bdb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => default/details-v1-79f774bdb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] default/ingress-policy // service details + 2) [NP] default/details-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] default/ingress-policy // service details (ports not referenced) + 2) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] default/ingress-policy // service details (protocols not referenced) + 2) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => default/unicorn[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] default/ingress-policy // service unicorn + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] default/ingress-policy // service unicorn (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] default/ingress-policy // service unicorn (protocols not referenced) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/details-v1-79f774bdb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productpage-v1-6b746f74dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/ratings-v1-b6994bb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/ratings-v1-b6994bb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => default/unicorn[Deployment] +default/unicorn[Deployment] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt b/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt new file mode 100644 index 00000000..8fa739ec --- /dev/null +++ b/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt @@ -0,0 +1,33 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => ingressworld/ingress-world-multiple-ports[Deployment]: + +ALLOWED TCP:[8000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] ingressworld/route-1 // service ingress-world + +ALLOWED TCP:[8090] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] ingressworld/ingress-1 // service ingress-world + +DENIED TCP:[1-7999,8001-8089,8091-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] ingressworld/ingress-1 // service ingress-world (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] ingressworld/ingress-1 // service ingress-world (protocols not referenced) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => ingressworld/ingress-world-multiple-ports[Deployment] +ingressworld/ingress-world-multiple-ports[Deployment] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt b/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt new file mode 100644 index 00000000..38578cb0 --- /dev/null +++ b/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt @@ -0,0 +1,966 @@ + +##################################### +# All Connections and their reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] demo/query-to-ui // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-bank-ui[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +ALLOWED TCP:[8080,9090] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] demo/ui-to-command // Ingress rule #1 + +ALLOWED UDP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] demo/ui-to-command // Ingress rule #1 + +DENIED TCP:[1-8079,8081-9089,9091-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress rule #1 (ports not referenced) + +DENIED UDP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress rule #1 (ports not referenced) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress rule #1 (protocols not referenced) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cog-agents-analyzer[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cog-agents[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => default/cog-agents-analyzer[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => default/cog-agents[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/calico-node-frontend[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/calico-node[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/kube-fluentd[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => vendor-system/barbar-app[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => vendor-system/foofoo-app[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-frontend[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/keepalived-watcher-not-frontend[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/keepalived-watcher[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/kube-fluentd-frontend[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/kube-fluentd[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN vendor-system/barbar-app[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN vendor-system/foofoo-app[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => default/cog-agents-analyzer[DaemonSet] +0.0.0.0-255.255.255.255 => default/cog-agents[DaemonSet] +0.0.0.0-255.255.255.255 => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +0.0.0.0-255.255.255.255 => demo/cog-agents-account-query[DaemonSet] +0.0.0.0-255.255.255.255 => demo/cog-agents-bank-ui[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/calico-node-frontend[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/calico-node[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/keepalived-watcher-not-frontend[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/keepalived-watcher[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/kube-fluentd-frontend[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/kube-fluentd[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet] +0.0.0.0-255.255.255.255 => vendor-system/barbar-app[ReplicaSet] +0.0.0.0-255.255.255.255 => vendor-system/foofoo-app[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cog-agents-analyzer[DaemonSet] => default/cog-agents[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +default/cog-agents[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cog-agents[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +default/cog-agents[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +default/cog-agents[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +default/cog-agents[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +default/cog-agents[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +default/cog-agents[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => 0.0.0.0-255.255.255.255 +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => default/cog-agents[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/calico-node[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => 0.0.0.0-255.255.255.255 +demo/cog-agents-account-command[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => default/cog-agents[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/calico-node[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => 0.0.0.0-255.255.255.255 +demo/cog-agents-bank-ui[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => default/cog-agents[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/calico-node[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/calico-node-frontend[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/calico-node[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/calico-node[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/calico-node[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/calico-node[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/calico-node[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/calico-node[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/keepalived-watcher-not-frontend[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/keepalived-watcher[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/kube-fluentd-frontend[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/kube-fluentd[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/vpn-858f6d9777[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => 0.0.0.0-255.255.255.255 +vendor-system/barbar-app[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => default/cog-agents[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/calico-node[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => 0.0.0.0-255.255.255.255 +vendor-system/foofoo-app[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => default/cog-agents[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/calico-node[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] diff --git a/test_outputs/connlist/netpol_named_port_test_explain_output.txt b/test_outputs/connlist/netpol_named_port_test_explain_output.txt new file mode 100644 index 00000000..f1c4f281 --- /dev/null +++ b/test_outputs/connlist/netpol_named_port_test_explain_output.txt @@ -0,0 +1,42 @@ + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => helloworld/pod-a[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] helloworld/enable-ingress-from-named-port // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN helloworld/new-pod[Deployment] => helloworld/pod-a[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] helloworld/enable-ingress-from-named-port // Ingress rule #1 (named ports of the rule have no match in the configuration of the dst peer) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] helloworld/enable-ingress-from-named-port // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => helloworld/new-pod[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] helloworld/enable-ingress-from-named-port // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => helloworld/new-pod[Deployment] +helloworld/new-pod[Deployment] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/new_online_boutique_explain_output.txt b/test_outputs/connlist/new_online_boutique_explain_output.txt new file mode 100644 index 00000000..69202d87 --- /dev/null +++ b/test_outputs/connlist/new_online_boutique_explain_output.txt @@ -0,0 +1,1345 @@ + +##################################### +# All Connections and their reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/cartservice[Deployment]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Ingress rule #1 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/currencyservice[Deployment]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Ingress rule #1 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/emailservice[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/paymentservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/shippingservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/adservice[Deployment]: + +ALLOWED TCP:[9555] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Ingress rule #1 + +DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/cartservice[Deployment]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Ingress rule #1 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/checkoutservice[Deployment]: + +ALLOWED TCP:[5050] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Ingress rule #1 + +DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/currencyservice[Deployment]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Ingress rule #1 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/recommendationservice[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/shippingservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/frontend[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => default/loadgenerator[Deployment] diff --git a/test_outputs/connlist/onlineboutique_explain_output.txt b/test_outputs/connlist/onlineboutique_explain_output.txt new file mode 100644 index 00000000..6b527404 --- /dev/null +++ b/test_outputs/connlist/onlineboutique_explain_output.txt @@ -0,0 +1,1536 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +ALLOWED TCP:[9555] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-netpol // Ingress rule #1 + +DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +ALLOWED TCP:[5050] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 + +DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #7 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => default/redis-cart-78746d49dc[ReplicaSet] +default/redis-cart-78746d49dc[ReplicaSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt b/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt new file mode 100644 index 00000000..36b80c54 --- /dev/null +++ b/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt @@ -0,0 +1,1675 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/cartservice[Deployment]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/currencyservice[Deployment]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/emailservice[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/paymentservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/shippingservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/adservice[Deployment]: + +ALLOWED TCP:[9555] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-netpol // Ingress rule #1 + +DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/cartservice[Deployment]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/checkoutservice[Deployment]: + +ALLOWED TCP:[5050] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 + +DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/currencyservice[Deployment]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/recommendationservice[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/shippingservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #7 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/frontend[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/frontend[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => default/frontend[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] default/onlineboutique-ingress // service frontend-external + 2) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] default/onlineboutique-ingress // service frontend-external (ports not referenced) + 2) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] default/onlineboutique-ingress // service frontend-external (protocols not referenced) + 2) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => default/redis-cart[Deployment] +default/redis-cart[Deployment] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/route_example_with_target_port_explain_output.txt b/test_outputs/connlist/route_example_with_target_port_explain_output.txt new file mode 100644 index 00000000..b9eaa629 --- /dev/null +++ b/test_outputs/connlist/route_example_with_target_port_explain_output.txt @@ -0,0 +1,33 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => routes-world/workload-with-multiple-ports[Deployment]: + +ALLOWED TCP:[8000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] routes-world/route-1 // service routes-world-svc + +ALLOWED TCP:[8090] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] routes-world/route-2 // service routes-world-svc + +DENIED TCP:[1-7999,8001-8089,8091-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] routes-world/route-1 // service routes-world-svc (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] routes-world/route-1 // service routes-world-svc (protocols not referenced) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => routes-world/workload-with-multiple-ports[Deployment] +routes-world/workload-with-multiple-ports[Deployment] => 0.0.0.0-255.255.255.255 diff --git a/tests/anp_banp_blog_demo_2/ns.yaml b/tests/anp_banp_blog_demo_2/ns.yaml new file mode 100644 index 00000000..c9b2481e --- /dev/null +++ b/tests/anp_banp_blog_demo_2/ns.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: foo + labels: + security: internal + kubernetes.io/metadata.name: foo +--- + +apiVersion: v1 +kind: Namespace +metadata: + name: bar + labels: + security: internal + kubernetes.io/metadata.name: bar + +--- + +apiVersion: v1 +kind: Namespace +metadata: + name: baz + labels: + kubernetes.io/metadata.name: baz + +--- + + +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring + labels: + kubernetes.io/metadata.name: monitoring \ No newline at end of file diff --git a/tests/anp_banp_blog_demo_2/policies.yaml b/tests/anp_banp_blog_demo_2/policies.yaml new file mode 100644 index 00000000..e13d77e8 --- /dev/null +++ b/tests/anp_banp_blog_demo_2/policies.yaml @@ -0,0 +1,87 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-monitoring + namespace: foo +spec: + podSelector: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring + +--- + +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: BaselineAdminNetworkPolicy +metadata: + name: default +spec: + subject: + namespaces: + matchLabels: + security: internal + ingress: + - name: "deny-ingress-from-all-namespaces-on-TCP1-9000" + action: "Deny" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portRange: + protocol: TCP + start: 1 + end: 9000 + +--- + +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: AdminNetworkPolicy +metadata: + name: allow-monitoring +spec: + priority: 9 + subject: + namespaces: {} + ingress: + - name: "allow-ingress-from-monitoring-on-TCP1234" + action: "Allow" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portNumber: + protocol: TCP + port: 1234 + + + +--- + +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: AdminNetworkPolicy +metadata: + name: pass-monitoring +spec: + priority: 7 + subject: + namespaces: + matchLabels: + security: internal + ingress: + - name: "pass-ingress-from-monitoring-on-TCP8080" + action: "Pass" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portNumber: + protocol: TCP + port: 8080 + diff --git a/tests/anp_banp_blog_demo_2/workloads.yaml b/tests/anp_banp_blog_demo_2/workloads.yaml new file mode 100644 index 00000000..51061e87 --- /dev/null +++ b/tests/anp_banp_blog_demo_2/workloads.yaml @@ -0,0 +1,57 @@ +apiVersion: v1 +kind: Pod +metadata: + namespace: foo + name: myfoo + labels: + security: internal +spec: + containers: + - name: myfirstcontainer + image: fooimage + +--- + +apiVersion: v1 +kind: Pod +metadata: + namespace: bar + name: mybar + labels: + security: internal +spec: + containers: + - name: myfirstcontainer + image: barimage + +--- + +apiVersion: v1 +kind: Pod +metadata: + namespace: baz + name: mybaz + labels: + security: none +spec: + containers: + - name: myfirstcontainer + image: bazimage + +--- + +apiVersion: v1 +kind: Pod +metadata: + namespace: monitoring + name: mymonitoring + labels: + security: monitoring +spec: + containers: + - name: myfirstcontainer + image: monitoringimage + +--- + +