From 46844111c69744880d3d8008f5789563841461aa Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 10 Dec 2024 09:51:35 +0200 Subject: [PATCH 01/28] explainability --- pkg/cli/list.go | 5 + pkg/internal/testutils/testutils.go | 13 + pkg/netpol/connlist/connlist.go | 47 +- pkg/netpol/connlist/conns_formatter.go | 37 +- pkg/netpol/connlist/conns_formatter_csv.go | 9 +- pkg/netpol/connlist/conns_formatter_dot.go | 2 +- pkg/netpol/connlist/conns_formatter_json.go | 5 +- pkg/netpol/connlist/conns_formatter_md.go | 9 +- pkg/netpol/connlist/conns_formatter_txt.go | 61 +- pkg/netpol/connlist/explanation_test.go | 78 ++ pkg/netpol/connlist/exposure_analysis.go | 2 + pkg/netpol/connlist/exposure_analysis_test.go | 35 +- .../ingressanalyzer/ingress_analyzer.go | 22 +- .../ingressanalyzer/ingress_analyzer_test.go | 7 +- .../internal/ingressanalyzer/service_test.go | 2 +- pkg/netpol/eval/check.go | 34 +- pkg/netpol/eval/eval_test.go | 11 +- pkg/netpol/eval/internal/k8s/adminnetpol.go | 48 +- .../internal/k8s/baseline_admin_netpol.go | 12 +- pkg/netpol/eval/internal/k8s/netpol.go | 126 +-- pkg/netpol/eval/internal/k8s/netpol_test.go | 14 +- pkg/netpol/eval/internal/k8s/pod.go | 12 +- .../eval/internal/k8s/policy_connections.go | 54 +- pkg/netpol/eval/resources.go | 9 +- .../internal/common/augmented_intervalset.go | 721 ++++++++++++++++++ pkg/netpol/internal/common/connection.go | 2 +- pkg/netpol/internal/common/connectionset.go | 319 +++++--- pkg/netpol/internal/common/portset.go | 135 ++-- .../anp_banp_blog_demo_2_explain_output.txt | 126 +++ ..._workload_my-monitoring_explain_output.txt | 33 + tests/anp_banp_blog_demo_2/ns.yaml | 35 + tests/anp_banp_blog_demo_2/policies.yaml | 87 +++ tests/anp_banp_blog_demo_2/workloads.yaml | 57 ++ 33 files changed, 1858 insertions(+), 311 deletions(-) create mode 100644 pkg/netpol/connlist/explanation_test.go create mode 100644 pkg/netpol/internal/common/augmented_intervalset.go create mode 100644 test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt create mode 100644 test_outputs/connlist/anp_banp_blog_demo_focus_workload_my-monitoring_explain_output.txt create mode 100644 tests/anp_banp_blog_demo_2/ns.yaml create mode 100644 tests/anp_banp_blog_demo_2/policies.yaml create mode 100644 tests/anp_banp_blog_demo_2/workloads.yaml diff --git a/pkg/cli/list.go b/pkg/cli/list.go index 37a11e61..3d52a69f 100644 --- a/pkg/cli/list.go +++ b/pkg/cli/list.go @@ -22,6 +22,7 @@ import ( var ( focusWorkload string exposureAnalysis bool + explain bool output string // output format outFile string // output file ) @@ -85,6 +86,9 @@ func getConnlistOptions(l *logger.DefaultLogger) []connlist.ConnlistAnalyzerOpti if exposureAnalysis { res = append(res, connlist.WithExposureAnalysis()) } + if explain { + res = append(res, connlist.WithExplanation()) + } return res } @@ -130,6 +134,7 @@ defined`, c.Flags().StringVarP(&focusWorkload, "focusworkload", "", "", "Focus connections of specified workload in the output ( or )") c.Flags().BoolVarP(&exposureAnalysis, "exposure", "", false, "Enhance the analysis of permitted connectivity with exposure analysis") + c.Flags().BoolVarP(&explain, "explain", "", false, "Enhance the analysis of permitted connectivity with explainability information") // output format - default txt // output format - default txt supportedFormats := strings.Join(connlist.ValidFormats, ",") diff --git a/pkg/internal/testutils/testutils.go b/pkg/internal/testutils/testutils.go index 8e1f05c9..89a71237 100644 --- a/pkg/internal/testutils/testutils.go +++ b/pkg/internal/testutils/testutils.go @@ -26,6 +26,7 @@ var update = flag.Bool("update", false, "write or override golden files") const ( connlistExpectedOutputFilePartialName = "connlist_output." + explainExpectedOutputFilePartialName = "explain_output." exposureExpectedOutputFilePartialName = "exposure_output." underscore = "_" dotSign = "." @@ -56,6 +57,18 @@ func ConnlistTestNameByTestArgs(dirName, focusWorkload, format string, exposureF return testName, expectedOutputFileName } +// ExplainTestNameByTestArgs returns explain test name and test's expected output file from some tests args +func ExplainTestNameByTestArgs(dirName, focusWorkload string) (testName, expectedOutputFileName string) { + namePrefix := dirName + if focusWorkload != "" { + namePrefix += focusWlAnnotation + strings.Replace(focusWorkload, "/", underscore, 1) + } + testName = namePrefix + outputPartialName := explainExpectedOutputFilePartialName + expectedOutputFileName = namePrefix + underscore + outputPartialName + output.TextFormat + return testName, expectedOutputFileName +} + // DiffTestNameByTestArgs returns diff test name and test's expected output file from some tests args func DiffTestNameByTestArgs(ref1, ref2, format string) (testName, expectedOutputFileName string) { namePrefix := "diff_between_" + ref2 + "_and_" + ref1 diff --git a/pkg/netpol/connlist/connlist.go b/pkg/netpol/connlist/connlist.go index 5381d971..522665ff 100644 --- a/pkg/netpol/connlist/connlist.go +++ b/pkg/netpol/connlist/connlist.go @@ -47,6 +47,7 @@ type ConnlistAnalyzer struct { focusWorkload string exposureAnalysis bool exposureResult []ExposedPeer + explain bool outputFormat string muteErrsAndWarns bool peersList []Peer // internally used peersList used in dot formatting; in case of focusWorkload option contains only relevant peers @@ -136,6 +137,13 @@ func WithExposureAnalysis() ConnlistAnalyzerOption { } } +// WithExplanation is a functional option which directs ConnlistAnalyzer to return explainability of connectivity +func WithExplanation() ConnlistAnalyzerOption { + return func(c *ConnlistAnalyzer) { + c.explain = true + } +} + // WithOutputFormat is a functional option, allowing user to choose the output format txt/json/dot/csv/md. func WithOutputFormat(outputFormat string) ConnlistAnalyzerOption { return func(p *ConnlistAnalyzer) { @@ -158,6 +166,7 @@ func NewConnlistAnalyzer(options ...ConnlistAnalyzerOption) *ConnlistAnalyzer { stopOnError: false, exposureAnalysis: false, exposureResult: nil, + explain: false, errors: []ConnlistError{}, outputFormat: output.DefaultFormat, } @@ -201,10 +210,10 @@ func (ca *ConnlistAnalyzer) hasFatalError() error { func (ca *ConnlistAnalyzer) getPolicyEngine(objectsList []parser.K8sObject) (*eval.PolicyEngine, error) { // TODO: do we need logger in policyEngine? if !ca.exposureAnalysis { - return eval.NewPolicyEngineWithObjects(objectsList) + return eval.NewPolicyEngineWithObjects(objectsList, ca.explain) } // else build new policy engine with exposure analysis option - pe := eval.NewPolicyEngineWithOptions(ca.exposureAnalysis) + pe := eval.NewPolicyEngineWithOptions(ca.exposureAnalysis, ca.explain) err := pe.AddObjectsForExposureAnalysis(objectsList) return pe, err } @@ -225,7 +234,7 @@ func (ca *ConnlistAnalyzer) connsListFromParsedResources(objectsList []parser.K8 // ConnlistFromK8sCluster returns the allowed connections list from k8s cluster resources, and list of all peers names func (ca *ConnlistAnalyzer) ConnlistFromK8sCluster(clientset *kubernetes.Clientset) ([]Peer2PeerConnection, []Peer, error) { - pe := eval.NewPolicyEngineWithOptions(ca.exposureAnalysis) + pe := eval.NewPolicyEngineWithOptions(ca.exposureAnalysis, ca.explain) // get all resources from k8s cluster ctx, cancel := context.WithTimeout(context.Background(), ctxTimeoutSeconds*time.Second) @@ -275,7 +284,7 @@ func (ca *ConnlistAnalyzer) ConnectionsListToString(conns []Peer2PeerConnection) ca.errors = append(ca.errors, newResultFormattingError(err)) return "", err } - out, err := connsFormatter.writeOutput(conns, ca.exposureResult, ca.exposureAnalysis) + out, err := connsFormatter.writeOutput(conns, ca.exposureResult, ca.exposureAnalysis, ca.explain) if err != nil { ca.errors = append(ca.errors, newResultFormattingError(err)) return "", err @@ -325,10 +334,11 @@ const ( // connection implements the Peer2PeerConnection interface type connection struct { - src Peer - dst Peer - allConnections bool - protocolsAndPorts map[v1.Protocol][]common.PortRange + src Peer + dst Peer + allConnections bool + commonImplyingRules common.ImplyingRulesType // used for explainability, when allConnections is true + protocolsAndPorts map[v1.Protocol][]common.PortRange } func (c *connection) Src() Peer { @@ -344,13 +354,19 @@ func (c *connection) ProtocolsAndPorts() map[v1.Protocol][]common.PortRange { return c.protocolsAndPorts } +func (c *connection) OnlySystemDefaultRule() bool { + return c.allConnections && len(c.protocolsAndPorts) == 0 && c.commonImplyingRules.OnlySystemDefaultRule() +} + // returns a *common.ConnectionSet from Peer2PeerConnection data func GetConnectionSetFromP2PConnection(c Peer2PeerConnection) *common.ConnectionSet { protocolsToPortSetMap := make(map[v1.Protocol]*common.PortSet, len(c.ProtocolsAndPorts())) for protocol, portRangeArr := range c.ProtocolsAndPorts() { protocolsToPortSetMap[protocol] = common.MakePortSet(false) for _, p := range portRangeArr { - protocolsToPortSetMap[protocol].AddPortRange(p.Start(), p.End()) + augmentedRange := p.(*common.PortRangeData) + // we cannot fill explainability data here, so we pass an empty rule name and an arbitrary direction (isIngress being true) + protocolsToPortSetMap[protocol].AddPortRange(augmentedRange.Start(), augmentedRange.End(), augmentedRange.InSet(), "", true) } } connectionSet := &common.ConnectionSet{AllowAll: c.AllProtocolsAndPorts(), AllowedProtocols: protocolsToPortSetMap} @@ -538,8 +554,8 @@ func (ca *ConnlistAnalyzer) getConnectionsBetweenPeers(pe *eval.PolicyEngine, pe return nil, nil, err } } - // skip empty connections - if allowedConnections.IsEmpty() { + // skip empty connections when running without explainability + if allowedConnections.IsEmpty() && !ca.explain { continue } p2pConnection, err := ca.getP2PConnOrUpdateExposureConn(pe, allowedConnections, srcPeer, dstPeer, exposureMaps) @@ -636,10 +652,11 @@ func (ca *ConnlistAnalyzer) getP2PConnOrUpdateExposureConn(pe *eval.PolicyEngine // helper function - returns a connection object from the given fields func createConnectionObject(allowedConnections common.Connection, src, dst Peer) *connection { return &connection{ - src: src, - dst: dst, - allConnections: allowedConnections.IsAllConnections(), - protocolsAndPorts: allowedConnections.ProtocolsAndPortsMap(), + src: src, + dst: dst, + allConnections: allowedConnections.IsAllConnections(), + commonImplyingRules: allowedConnections.(*common.ConnectionSet).CommonImplyingRules, + protocolsAndPorts: allowedConnections.ProtocolsAndPortsMap(true), } } diff --git a/pkg/netpol/connlist/conns_formatter.go b/pkg/netpol/connlist/conns_formatter.go index a7701610..4456aa73 100644 --- a/pkg/netpol/connlist/conns_formatter.go +++ b/pkg/netpol/connlist/conns_formatter.go @@ -37,12 +37,12 @@ type ipMaps struct { // saveConnsWithIPs gets a P2P connection; if the connection includes an IP-Peer as one of its end-points; the conn is saved in the // matching map of the formatText maps -func (i *ipMaps) saveConnsWithIPs(conn Peer2PeerConnection) { +func (i *ipMaps) saveConnsWithIPs(conn Peer2PeerConnection, explain bool) { if conn.Src().IsPeerIPType() { - i.PeerToConnsFromIPs[conn.Dst().String()] = append(i.PeerToConnsFromIPs[conn.Dst().String()], formSingleP2PConn(conn)) + i.PeerToConnsFromIPs[conn.Dst().String()] = append(i.PeerToConnsFromIPs[conn.Dst().String()], formSingleP2PConn(conn, explain)) } if conn.Dst().IsPeerIPType() { - i.peerToConnsToIPs[conn.Src().String()] = append(i.peerToConnsToIPs[conn.Src().String()], formSingleP2PConn(conn)) + i.peerToConnsToIPs[conn.Src().String()] = append(i.peerToConnsToIPs[conn.Src().String()], formSingleP2PConn(conn, explain)) } } @@ -57,14 +57,15 @@ func createIPMaps(initMapsFlag bool) (ipMaps ipMaps) { // connsFormatter implements output formatting in the required output format type connsFormatter interface { - writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) + writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool, explain bool) (string, error) } // singleConnFields represents a single connection object type singleConnFields struct { - Src string `json:"src"` - Dst string `json:"dst"` - ConnString string `json:"conn"` + Src string `json:"src"` + Dst string `json:"dst"` + ConnString string `json:"conn"` + Explanation string `json:"explanation,omitempty"` } // string representation of the singleConnFields struct @@ -72,10 +73,22 @@ func (c singleConnFields) string() string { return fmt.Sprintf("%s => %s : %s", c.Src, c.Dst, c.ConnString) } +func (c singleConnFields) nodePairString() string { + return fmt.Sprintf("%s => %s", c.Src, c.Dst) +} + +func (c singleConnFields) stringWithExplanation() string { + return fmt.Sprintf("CONNECTIONS BETWEEN %s => %s:\n\n%s", c.Src, c.Dst, c.Explanation) +} + // formSingleP2PConn returns a string representation of single connection fields as singleConnFields object -func formSingleP2PConn(conn Peer2PeerConnection) singleConnFields { +func formSingleP2PConn(conn Peer2PeerConnection, explain bool) singleConnFields { connStr := common.ConnStrFromConnProperties(conn.AllProtocolsAndPorts(), conn.ProtocolsAndPorts()) - return singleConnFields{Src: conn.Src().String(), Dst: conn.Dst().String(), ConnString: connStr} + expl := "" + if explain { + expl = common.ExplanationFromConnProperties(conn.AllProtocolsAndPorts(), conn.(*connection).commonImplyingRules, conn.ProtocolsAndPorts()) + } + return singleConnFields{Src: conn.Src().String(), Dst: conn.Dst().String(), ConnString: connStr, Explanation: expl} } // commonly (to be) used for exposure analysis output formatters @@ -181,13 +194,13 @@ func getRepresentativePodString(podLabels v1.LabelSelector, txtOutFlag bool) str // getConnlistAsSortedSingleConnFieldsArray returns a sorted singleConnFields list from Peer2PeerConnection list. // creates ipMaps object if the format requires it (to be used for exposure results later) -func getConnlistAsSortedSingleConnFieldsArray(conns []Peer2PeerConnection, ipMaps ipMaps, saveToIPMaps bool) []singleConnFields { +func getConnlistAsSortedSingleConnFieldsArray(conns []Peer2PeerConnection, ipMaps ipMaps, saveToIPMaps, explain bool) []singleConnFields { connItems := make([]singleConnFields, len(conns)) for i := range conns { if saveToIPMaps { - ipMaps.saveConnsWithIPs(conns[i]) + ipMaps.saveConnsWithIPs(conns[i], explain) } - connItems[i] = formSingleP2PConn(conns[i]) + connItems[i] = formSingleP2PConn(conns[i], explain) } return sortConnFields(connItems, true) } diff --git a/pkg/netpol/connlist/conns_formatter_csv.go b/pkg/netpol/connlist/conns_formatter_csv.go index a8ed59df..acfaf70a 100644 --- a/pkg/netpol/connlist/conns_formatter_csv.go +++ b/pkg/netpol/connlist/conns_formatter_csv.go @@ -18,12 +18,13 @@ type formatCSV struct { // writeOutput returns a CSV string form of connections from list of Peer2PeerConnection objects // and exposure analysis results from list ExposedPeer if exists -func (cs *formatCSV) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { +func (cs *formatCSV) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { + // Tanya TODO - handle explain flag // writing csv rows into a buffer buf := new(bytes.Buffer) writer := csv.NewWriter(buf) - err := cs.writeCsvConnlistTable(conns, writer, exposureFlag) + err := cs.writeCsvConnlistTable(conns, writer, exposureFlag, explain) if err != nil { return "", err } @@ -61,14 +62,14 @@ func writeTableRows(conns []singleConnFields, writer *csv.Writer, srcFirst bool) } // writeCsvConnlistTable writes csv table for the Peer2PeerConnection list -func (cs *formatCSV) writeCsvConnlistTable(conns []Peer2PeerConnection, writer *csv.Writer, saveIPConns bool) error { +func (cs *formatCSV) writeCsvConnlistTable(conns []Peer2PeerConnection, writer *csv.Writer, saveIPConns, explain bool) error { err := writeCsvColumnsHeader(writer, true) if err != nil { return err } cs.ipMaps = createIPMaps(saveIPConns) // get an array of sorted conns items ([]singleConnFields), if required also save the relevant conns to ipMaps - sortedConnItems := getConnlistAsSortedSingleConnFieldsArray(conns, cs.ipMaps, saveIPConns) + sortedConnItems := getConnlistAsSortedSingleConnFieldsArray(conns, cs.ipMaps, saveIPConns, explain) return writeTableRows(sortedConnItems, writer, true) } diff --git a/pkg/netpol/connlist/conns_formatter_dot.go b/pkg/netpol/connlist/conns_formatter_dot.go index adcde568..94660398 100644 --- a/pkg/netpol/connlist/conns_formatter_dot.go +++ b/pkg/netpol/connlist/conns_formatter_dot.go @@ -59,7 +59,7 @@ func getPeerLine(peer Peer) (string, bool) { // returns a dot string form of connections from list of Peer2PeerConnection objects // and from exposure-analysis results if exists -func (d *formatDOT) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { +func (d *formatDOT) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { // 1. declaration of maps and slices to be used for forming the graph lines nsPeers := make(map[string][]string) // map from namespace to its peers (grouping peers by namespaces) nsRepPeers := make(map[string][]string) // map from representative namespace to its representative peers diff --git a/pkg/netpol/connlist/conns_formatter_json.go b/pkg/netpol/connlist/conns_formatter_json.go index c7b8ecce..09b1d966 100644 --- a/pkg/netpol/connlist/conns_formatter_json.go +++ b/pkg/netpol/connlist/conns_formatter_json.go @@ -29,13 +29,14 @@ type exposureFields struct { // writeOutput returns a json string form of connections from list of Peer2PeerConnection objects // and exposure analysis results from list ExposedPeer if exists -func (j *formatJSON) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { +func (j *formatJSON) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { + // Tanya TODO - handle explain flag j.ipMaps = createIPMaps(exposureFlag) // output variables var jsonConns []byte var err error // get an array of sorted connlist items ([]singleConnFields) - sortedConnItems := getConnlistAsSortedSingleConnFieldsArray(conns, j.ipMaps, exposureFlag) + sortedConnItems := getConnlistAsSortedSingleConnFieldsArray(conns, j.ipMaps, exposureFlag, explain) if exposureFlag { // get an array of sorted exposure items ingressExposureItems, egressExposureItems, _ := getExposureConnsAsSortedSingleConnFieldsArray(exposureConns, j.ipMaps) diff --git a/pkg/netpol/connlist/conns_formatter_md.go b/pkg/netpol/connlist/conns_formatter_md.go index 888dc92d..256d76c3 100644 --- a/pkg/netpol/connlist/conns_formatter_md.go +++ b/pkg/netpol/connlist/conns_formatter_md.go @@ -45,9 +45,10 @@ func getMDLine(c singleConnFields, srcFirst bool) string { // writeOutput returns a md string form of connections from list of Peer2PeerConnection objects, // and exposure analysis results from list ExposedPeer if exists -func (md *formatMD) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { +func (md *formatMD) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { + // Tanya TODO - handle explain flag // first write connlist lines - allLines := md.writeMdConnlistLines(conns, exposureFlag) + allLines := md.writeMdConnlistLines(conns, exposureFlag, explain) if !exposureFlag { return strings.Join(allLines, newLineChar) + newLineChar, nil } @@ -66,9 +67,9 @@ func writeMdLines(conns []singleConnFields, srcFirst bool) []string { } // writeMdConnlistLines returns md lines from the list of Peer2PeerConnection -func (md *formatMD) writeMdConnlistLines(conns []Peer2PeerConnection, saveIPConns bool) []string { +func (md *formatMD) writeMdConnlistLines(conns []Peer2PeerConnection, saveIPConns, explain bool) []string { md.ipMaps = createIPMaps(saveIPConns) - sortedConns := getConnlistAsSortedSingleConnFieldsArray(conns, md.ipMaps, saveIPConns) + sortedConns := getConnlistAsSortedSingleConnFieldsArray(conns, md.ipMaps, saveIPConns, explain) connlistLines := []string{getMDHeader(true)} // connlist results are formatted: src | dst | conn connlistLines = append(connlistLines, writeMdLines(sortedConns, true)...) return connlistLines diff --git a/pkg/netpol/connlist/conns_formatter_txt.go b/pkg/netpol/connlist/conns_formatter_txt.go index 2168419f..cee00c6f 100644 --- a/pkg/netpol/connlist/conns_formatter_txt.go +++ b/pkg/netpol/connlist/conns_formatter_txt.go @@ -9,7 +9,8 @@ package connlist import ( "fmt" "sort" - "strings" + + "github.com/np-guard/netpol-analyzer/pkg/netpol/internal/common" ) // formatText: implements the connsFormatter interface for txt output format @@ -19,8 +20,8 @@ type formatText struct { // writeOutput returns a textual string format of connections from list of Peer2PeerConnection objects, // and exposure analysis results if exist -func (t *formatText) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag bool) (string, error) { - res := t.writeConnlistOutput(conns, exposureFlag) +func (t *formatText) writeOutput(conns []Peer2PeerConnection, exposureConns []ExposedPeer, exposureFlag, explain bool) (string, error) { + res := t.writeConnlistOutput(conns, exposureFlag, explain) if !exposureFlag { return res, nil } @@ -33,22 +34,62 @@ func (t *formatText) writeOutput(conns []Peer2PeerConnection, exposureConns []Ex } // writeConnlistOutput writes the section of the connlist result of the output -func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConns bool) string { - connLines := make([]string, len(conns)) +func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConns, explain bool) string { + connLines := make([]singleConnFields, 0, len(conns)) + systemDefaultConnLines := make([]singleConnFields, 0, len(conns)) t.ipMaps = createIPMaps(saveIPConns) for i := range conns { - connLines[i] = formSingleP2PConn(conns[i]).string() + p2pConn := formSingleP2PConn(conns[i], explain) + if explain { + // when running with explanation, we print system default connections at the end + if conns[i].(*connection).OnlySystemDefaultRule() { + systemDefaultConnLines = append(systemDefaultConnLines, p2pConn) + } else { + connLines = append(connLines, p2pConn) + } + } else { + connLines = append(connLines, p2pConn) + } // if we have exposure analysis results, also check if src/dst is an IP and store the connection if saveIPConns { - t.ipMaps.saveConnsWithIPs(conns[i]) + t.ipMaps.saveConnsWithIPs(conns[i], explain) + } + } + sortConnFields(connLines, true) + if explain { + sortConnFields(systemDefaultConnLines, true) + } + result := "" + if explain { + result = writeExplanationOutput(connLines, systemDefaultConnLines) + } else { + for _, p2pConn := range connLines { + result += p2pConn.string() + newLineChar + } + } + return result +} + +func writeExplanationOutput(connLines, systemDefaultConnLines []singleConnFields) string { + result := "" + for _, p2pConn := range connLines { + result += nodePairSeparationLine + result += p2pConn.stringWithExplanation() + newLineChar + } + if len(systemDefaultConnLines) > 0 { + result += nodePairSeparationLine + systemDefaultPairsHeader + for _, p2pConn := range systemDefaultConnLines { + result += p2pConn.nodePairString() + newLineChar } } - sort.Strings(connLines) - return strings.Join(connLines, newLineChar) + newLineChar + return result } const ( - unprotectedHeader = "\nWorkloads not protected by network policies:\n" + unprotectedHeader = "\nWorkloads not protected by network policies:\n" + separationLine80 = "--------------------------------------------------------------------------------" + nodePairSeparationLine = separationLine80 + separationLine80 + common.NewLine + systemDefaultPairsHeader = "The following nodes are connected due to " + common.SystemDefaultRule + ":\n" ) // writeExposureOutput writes the section of the exposure-analysis result diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go new file mode 100644 index 00000000..a308e941 --- /dev/null +++ b/pkg/netpol/connlist/explanation_test.go @@ -0,0 +1,78 @@ +/* +Copyright 2023- IBM Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ +package connlist + +import ( + "fmt" + "testing" + + "github.com/np-guard/netpol-analyzer/pkg/internal/output" + "github.com/np-guard/netpol-analyzer/pkg/internal/testutils" + + "github.com/stretchr/testify/require" +) + +// file for testing functionality of explainability analysis + +func TestExplainFromDir(t *testing.T) { + t.Parallel() + for _, tt := range explainTests { + tt := tt + t.Run(tt.testDirName, func(t *testing.T) { + t.Parallel() + pTest := prepareExplainTest(tt.testDirName, tt.focusWorkload) + res, _, err := pTest.analyzer.ConnlistFromDirPath(pTest.dirPath) + require.Nil(t, err, pTest.testInfo) + out, err := pTest.analyzer.ConnectionsListToString(res) + require.Nil(t, err, pTest.testInfo) + testutils.CheckActualVsExpectedOutputMatch(t, pTest.expectedOutputFileName, out, + pTest.testInfo, currentPkg) + }) + } +} + +func prepareExplainTest(dirName, focusWorkload string) preparedTest { + res := preparedTest{} + res.testName, res.expectedOutputFileName = testutils.ExplainTestNameByTestArgs(dirName, focusWorkload) + res.testInfo = fmt.Sprintf("test: %q", res.testName) + cAnalyzer := NewConnlistAnalyzer(WithOutputFormat(output.TextFormat), WithFocusWorkload(focusWorkload), WithExplanation()) + res.analyzer = cAnalyzer + res.dirPath = testutils.GetTestDirPath(dirName) + return res +} + +var explainTests = []struct { + testDirName string + focusWorkload string +}{ + // { + // testDirName: "anp_test_10", + // }, + { + testDirName: "anp_banp_blog_demo", + focusWorkload: "my-monitoring", + }, + { + testDirName: "anp_banp_blog_demo_2", + // focusWorkload: "my-monitoring", + }, + // { + // testDirName: "ipblockstest", + // }, + // { + // testDirName: "onlineboutique", + // }, + // { + // testDirName: "anp_banp_blog_demo", + // }, + // { + // testDirName: "acs-security-demos", + // }, + // { + // testDirName: "acs-security-demos", + // focusWorkload: "ingress-controller", + // }, +} diff --git a/pkg/netpol/connlist/exposure_analysis.go b/pkg/netpol/connlist/exposure_analysis.go index e2c76d74..a3491975 100644 --- a/pkg/netpol/connlist/exposure_analysis.go +++ b/pkg/netpol/connlist/exposure_analysis.go @@ -78,6 +78,8 @@ func xgressExposureListToXgressExposureDataList(xgressExp []*xgressExposure) []X res := make([]XgressExposureData, len(xgressExp)) for i := range xgressExp { res[i] = xgressExp[i] + exposure := res[i].(*xgressExposure) + exposure.potentialConn = exposure.potentialConn.GetEquivalentCanonicalConnectionSet() } return res } diff --git a/pkg/netpol/connlist/exposure_analysis_test.go b/pkg/netpol/connlist/exposure_analysis_test.go index ccda3db3..fd46228e 100644 --- a/pkg/netpol/connlist/exposure_analysis_test.go +++ b/pkg/netpol/connlist/exposure_analysis_test.go @@ -54,7 +54,7 @@ func newTCPConnWithPorts(ports []int) *common.ConnectionSet { conn := common.MakeConnectionSet(false) portSet := common.MakePortSet(false) for i := range ports { - portSet.AddPort(intstr.FromInt(ports[i])) + portSet.AddPort(intstr.FromInt(ports[i]), common.InitImplyingRules()) } conn.AddConnection(v1.ProtocolTCP, portSet) return conn @@ -337,16 +337,41 @@ func checkExpectedVsActualData(t *testing.T, testName string, actualExp ExposedP "test: %q, mismatch in is egress protected for peer %q", testName, actualExp.ExposedPeer().String()) require.Equal(t, expectedData.isIngressProtected, actualExp.IsProtectedByIngressNetpols(), "test: %q, mismatch in is ingress protected for peer %q", testName, actualExp.ExposedPeer().String()) - require.Equal(t, expectedData.lenIngressExposedConns, len(actualExp.IngressExposure()), + ingressExposure := actualExp.IngressExposure() + require.Equal(t, expectedData.lenIngressExposedConns, len(ingressExposure), "test: %q, mismatch in length of ingress exposure slice for peer %q", testName, actualExp.ExposedPeer().String()) for i := range expectedData.ingressExp { - require.Contains(t, actualExp.IngressExposure(), expectedData.ingressExp[i], + require.True(t, checkXgressExposureContainment(ingressExposure, expectedData.ingressExp[i]), "test: %q, expected ingress data %v is not contained in actual results", testName, expectedData.ingressExp[i]) } - require.Equal(t, expectedData.lenEgressExposedConns, len(actualExp.EgressExposure()), + egressExposure := actualExp.EgressExposure() + require.Equal(t, expectedData.lenEgressExposedConns, len(egressExposure), "test: %q, mismatch in length of egress exposure slice for peer %q", testName, actualExp.ExposedPeer().String()) for i := range expectedData.egressExp { - require.Contains(t, actualExp.EgressExposure(), expectedData.egressExp[i], + require.True(t, checkXgressExposureContainment(egressExposure, expectedData.egressExp[i]), "test: %q, expected egress data %v is not contained in actual results", testName, expectedData.egressExp[i]) } } + +func checkXgressExposureContainment(actualArray []XgressExposureData, expectedItem *xgressExposure) bool { + for i := range actualArray { + currItem := actualArray[i].(*xgressExposure) + if currItem.IsExposedToEntireCluster() != expectedItem.IsExposedToEntireCluster() { + continue + } + if !currItem.IsExposedToEntireCluster() { + if currItem.namespaceLabels.String() != expectedItem.namespaceLabels.String() { + continue + } + if currItem.podLabels.String() != expectedItem.podLabels.String() { + continue + } + } + conn1 := expectedItem.PotentialConnectivity().(*common.ConnectionSet) + conn2 := currItem.PotentialConnectivity().(*common.ConnectionSet) + if conn1.Equal(conn2) { + return true + } + } + return false +} diff --git a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go index 897f9701..c6c488b2 100644 --- a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go +++ b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go @@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0 package ingressanalyzer import ( + "fmt" "strconv" ocroutev1 "github.com/openshift/api/route/v1" @@ -283,7 +284,7 @@ func (ia *IngressAnalyzer) AllowedIngressConnections() (map[string]*PeerAndIngre func mergeResults(routesMap, ingressMap map[string]*PeerAndIngressConnSet) { for k, v := range routesMap { if _, ok := ingressMap[k]; ok { - ingressMap[k].ConnSet.Union(v.ConnSet) + ingressMap[k].ConnSet.Union(v.ConnSet, false) } else { ingressMap[k] = v } @@ -301,20 +302,20 @@ func (ia *IngressAnalyzer) allowedIngressConnectionsByResourcesType(mapToIterate continue } for objName, svcList := range objSvcMap { - ingressObjTargetPeersAndPorts, err := ia.getIngressObjectTargetedPeersAndPorts(ns, svcList) + ingObjStr := types.NamespacedName{Namespace: ns, Name: objName}.String() + ingressObjTargetPeersAndPorts, err := ia.getIngressObjectTargetedPeersAndPorts(ns, ingObjStr, svcList, ingType) if err != nil { return nil, err } // avoid duplicates in the result, consider the different ports supported for peer, pConn := range ingressObjTargetPeersAndPorts { - ingObjStr := types.NamespacedName{Namespace: ns, Name: objName}.String() if _, ok := res[peer.String()]; !ok { mapLen := 2 ingressObjs := make(map[string][]string, mapLen) ingressObjs[ingType] = []string{ingObjStr} res[peer.String()] = &PeerAndIngressConnSet{Peer: peer, ConnSet: pConn, IngressObjects: ingressObjs} } else { - res[peer.String()].ConnSet.Union(pConn) + res[peer.String()].ConnSet.Union(pConn, false) res[peer.String()].IngressObjects[ingType] = append(res[peer.String()].IngressObjects[ingType], ingObjStr) } } @@ -326,23 +327,24 @@ func (ia *IngressAnalyzer) allowedIngressConnectionsByResourcesType(mapToIterate // getIngressObjectTargetedPeersAndPorts returns map from peers which are targeted by Route/k8s-Ingress objects in their namespace to // the Ingress required connections -func (ia *IngressAnalyzer) getIngressObjectTargetedPeersAndPorts(ns string, - svcList []serviceInfo) (map[eval.Peer]*common.ConnectionSet, error) { +func (ia *IngressAnalyzer) getIngressObjectTargetedPeersAndPorts(ns, ingObjStr string, + svcList []serviceInfo, ingType string) (map[eval.Peer]*common.ConnectionSet, error) { res := make(map[eval.Peer]*common.ConnectionSet) for _, svc := range svcList { peersAndPorts, ok := ia.servicesToPortsAndPeersMap[ns][svc.serviceName] if !ok { ia.logWarning("Ignoring target service " + svc.serviceName + " : service not found") } + ruleName := fmt.Sprintf("[%s] %s//service %s", ingType, ingObjStr, svc.serviceName) for _, peer := range peersAndPorts.peers { - currIngressPeerConn, err := ia.getIngressPeerConnection(peer, peersAndPorts.ports, svc.servicePort) + currIngressPeerConn, err := ia.getIngressPeerConnection(peer, peersAndPorts.ports, svc.servicePort, ruleName) if err != nil { return nil, err } if _, ok := res[peer]; !ok { res[peer] = currIngressPeerConn } else { - res[peer].Union(currIngressPeerConn) + res[peer].Union(currIngressPeerConn, false) } } } @@ -351,7 +353,7 @@ func (ia *IngressAnalyzer) getIngressObjectTargetedPeersAndPorts(ns string, // getIngressPeerConnection returns the ingress connection to a peer based on the required port specified in the ingress objects func (ia *IngressAnalyzer) getIngressPeerConnection(peer eval.Peer, actualServicePorts []corev1.ServicePort, - requiredPort intstr.IntOrString) (*common.ConnectionSet, error) { + requiredPort intstr.IntOrString, ruleName string) (*common.ConnectionSet, error) { peerTCPConn := eval.GetPeerExposedTCPConnections(peer) // get the peer port/s which may be accessed by the service required port // (if the required port is not specified, all service ports are allowed) @@ -374,7 +376,7 @@ func (ia *IngressAnalyzer) getIngressPeerConnection(peer eval.Peer, actualServic if peerTCPConn.Contains(strconv.Itoa(portNum), string(corev1.ProtocolTCP)) { permittedPort := common.MakePortSet(false) - permittedPort.AddPort(intstr.FromInt(portNum)) + permittedPort.AddPort(intstr.FromInt(portNum), common.MakeImplyingRulesWithRule(ruleName, true)) res.AddConnection(corev1.ProtocolTCP, permittedPort) } } diff --git a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer_test.go b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer_test.go index 307e6f6a..b4dfbc3e 100644 --- a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer_test.go +++ b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer_test.go @@ -27,7 +27,7 @@ func getIngressAnalyzerFromDirObjects(t *testing.T, testName, dirName string, pr objects, fpErrs := parser.ResourceInfoListToK8sObjectsList(rList, logger.NewDefaultLogger(), false) require.Len(t, fpErrs, processingErrsNum, "test: %q, expected %d processing errors but got %d", testName, processingErrsNum, len(fpErrs)) - pe, err := eval.NewPolicyEngineWithObjects(objects) + pe, err := eval.NewPolicyEngineWithObjects(objects, false) require.Empty(t, err, "test: %q", testName) ia, err := NewIngressAnalyzerWithObjects(objects, pe, logger.NewDefaultLogger(), false) require.Empty(t, err, "test: %q", testName) @@ -97,9 +97,10 @@ func checkConnsEquality(t *testing.T, testName string, ingressConns map[string]* "test: %q, mismatch in ingress connections to %q", testName, peerStr) // if all connections is false; check if actual conns are as expected if !expectedIngressToPeer.allConnections { - require.Contains(t, ingressConnsToPeer.ConnSet.ProtocolsAndPortsMap(), v1.Protocol(expectedIngressToPeer.protocol), + require.Contains(t, ingressConnsToPeer.ConnSet.ProtocolsAndPortsMap(false), v1.Protocol(expectedIngressToPeer.protocol), "test: %q, mismatch in ingress connections to peer %q, should contain protocol %q", testName, peerStr, expectedIngressToPeer.protocol) - connPortRange := ingressConnsToPeer.ConnSet.ProtocolsAndPortsMap()[v1.Protocol(expectedIngressToPeer.protocol)] + connSet := ingressConnsToPeer.ConnSet.GetEquivalentCanonicalConnectionSet() + connPortRange := connSet.ProtocolsAndPortsMap(false)[v1.Protocol(expectedIngressToPeer.protocol)] require.Len(t, connPortRange, len(expectedIngressToPeer.ports), "test: %q, mismatch in ingress connections to %q", testName, peerStr) for i := range expectedIngressToPeer.ports { diff --git a/pkg/netpol/connlist/internal/ingressanalyzer/service_test.go b/pkg/netpol/connlist/internal/ingressanalyzer/service_test.go index 7939629e..d73c7341 100644 --- a/pkg/netpol/connlist/internal/ingressanalyzer/service_test.go +++ b/pkg/netpol/connlist/internal/ingressanalyzer/service_test.go @@ -90,7 +90,7 @@ func TestServiceMappingToPods(t *testing.T) { objects, processingErrs := parser.ResourceInfoListToK8sObjectsList(rList, logger.NewDefaultLogger(), false) require.Len(t, processingErrs, 1, "test: %q", tt.name) // no policies require.Len(t, objects, 17, "test: %q", tt.name) // found 6 services and 11 pods - pe, err := eval.NewPolicyEngineWithObjects(objects) + pe, err := eval.NewPolicyEngineWithObjects(objects, false) require.Empty(t, err, "test: %q", tt.name) ia, err := NewIngressAnalyzerWithObjects(objects, pe, logger.NewDefaultLogger(), false) require.Empty(t, err, "test: %q", tt.name) diff --git a/pkg/netpol/eval/check.go b/pkg/netpol/eval/check.go index 3964a0f1..f7568ced 100644 --- a/pkg/netpol/eval/check.go +++ b/pkg/netpol/eval/check.go @@ -16,7 +16,6 @@ import ( "k8s.io/apimachinery/pkg/types" "github.com/np-guard/models/pkg/netset" - "github.com/np-guard/netpol-analyzer/pkg/internal/netpolerrors" "github.com/np-guard/netpol-analyzer/pkg/netpol/eval/internal/k8s" "github.com/np-guard/netpol-analyzer/pkg/netpol/internal/common" @@ -247,7 +246,10 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) var err error // cases where any connection is always allowed if isPodToItself(srcK8sPeer, dstK8sPeer) || isPeerNodeIP(srcK8sPeer, dstK8sPeer) || isPeerNodeIP(dstK8sPeer, srcK8sPeer) { - return common.MakeConnectionSet(true), nil + res = common.MakeConnectionSet(true) + res.AddCommonImplyingRule(common.PodToItselfRule, true) + res.AddCommonImplyingRule(common.PodToItselfRule, false) + return res, nil } // egress: get egress allowed connections between the src and dst by // walking through all k8s egress policies capturing the src; @@ -256,6 +258,7 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) if err != nil { return nil, err } + res.SetExplResult(false) if res.IsEmpty() { return res, nil } @@ -266,6 +269,7 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) if err != nil { return nil, err } + ingressRes.SetExplResult(true) res.Intersection(ingressRes) return res, nil } @@ -276,6 +280,10 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) // admin-network-policies, network-policies and baseline-admin-network-policies; // considering the precedence of each policy func (pe *PolicyEngine) allAllowedXgressConnections(src, dst k8s.Peer, isIngress bool) (allowedConns *common.ConnectionSet, err error) { + // Tanya TODO: think about the implicitly denied protocols/port ranges + // (due to NPs capturing this src/dst, but defining only some of protocols/ports) + // How to update implying rules in this case? + // first get allowed xgress conn between the src and dst from the ANPs // note that: // - anpConns may contain allowed, denied or/and passed connections @@ -287,6 +295,7 @@ func (pe *PolicyEngine) allAllowedXgressConnections(src, dst k8s.Peer, isIngress } // optimization: if all the conns between src and dst were determined by the ANPs : return the allowed conns if anpCaptured && anpConns.DeterminesAllConns() { + anpConns.AllowedConns.Subtract(anpConns.DeniedConns) // update explainabiliy data return anpConns.AllowedConns, nil } // second get the allowed xgress conns between the src and dst from the netpols @@ -386,7 +395,7 @@ func (pe *PolicyEngine) getAllAllowedXgressConnsFromNetpols(src, dst k8s.Peer, i if pe.exposureAnalysisFlag { updatePeerXgressClusterWideExposure(policy, src, dst, isIngress) } - allowedConns.Union(policyAllowedConnectionsPerDirection) + allowedConns.Union(policyAllowedConnectionsPerDirection, true) // collect implying rules from multiple NPs } // putting the result in policiesConns object to be compared with conns allowed by ANP/BANP later policiesConns = k8s.NewPolicyConnections() @@ -406,7 +415,7 @@ func (pe *PolicyEngine) determineAllowedConnsPerDirection(policy *k8s.NetworkPol case policy.IngressPolicyExposure.ClusterWideExposure.AllowAll && src.PeerType() == k8s.PodType: return policy.IngressPolicyExposure.ClusterWideExposure, nil default: - return policy.GetIngressAllowedConns(src, dst) + return policy.GetXgressAllowedConns(src, dst, true) } } // else get egress allowed conns between src and dst @@ -416,7 +425,7 @@ func (pe *PolicyEngine) determineAllowedConnsPerDirection(policy *k8s.NetworkPol case policy.EgressPolicyExposure.ClusterWideExposure.AllowAll && dst.PeerType() == k8s.PodType: return policy.EgressPolicyExposure.ClusterWideExposure, nil default: - return policy.GetEgressAllowedConns(dst) + return policy.GetXgressAllowedConns(src, dst, false) } } @@ -485,7 +494,11 @@ func (pe *PolicyEngine) getAllAllowedXgressConnectionsFromANPs(src, dst k8s.Peer } if policiesConns.IsEmpty() { // conns between src and dst were not captured by the adminNetpols, to be determined by netpols/default conns - return k8s.NewPolicyConnections(), false, nil + policiesConns.ComplementPassConns() + return policiesConns, false, nil + } + if !policiesConns.PassConns.AllowAll { + policiesConns.ComplementPassConns() } return policiesConns, true, nil @@ -502,7 +515,7 @@ func (pe *PolicyEngine) getAllAllowedXgressConnectionsFromANPs(src, dst k8s.Peer func (pe *PolicyEngine) getXgressDefaultConns(src, dst k8s.Peer, isIngress bool) (*k8s.PolicyConnections, error) { res := k8s.NewPolicyConnections() if pe.baselineAdminNetpol == nil { - res.AllowedConns = common.MakeConnectionSet(true) + res.AllowedConns = common.MakeAllConnectionSetWithRule(common.SystemDefaultRule, isIngress) return res, nil } if isIngress { // ingress @@ -530,8 +543,9 @@ func (pe *PolicyEngine) getXgressDefaultConns(src, dst k8s.Peer, isIngress bool) } } } - if res.IsEmpty() { // banp rules didn't capture xgress conn between src and dst, return system-default: allow-all - res.AllowedConns = common.MakeConnectionSet(true) - } + // if banp rules didn't capture xgress conn between src and dst, return system-default: allow-all; + // if banp rule captured xgress conn, only DeniedConns should be impacted by banp rule, + // whenever AllowedConns should anyway be system-default: allow-all + res.AllowedConns = common.MakeAllConnectionSetWithRule(common.SystemDefaultRule, isIngress) return res, nil } diff --git a/pkg/netpol/eval/eval_test.go b/pkg/netpol/eval/eval_test.go index 6a5ccb45..83d9be89 100644 --- a/pkg/netpol/eval/eval_test.go +++ b/pkg/netpol/eval/eval_test.go @@ -1786,7 +1786,7 @@ func TestPolicyEngineWithWorkloads(t *testing.T) { if len(processingErrs) > 0 { t.Fatalf("TestPolicyEngineWithWorkloads errors: %v", processingErrs) } - pe, err := NewPolicyEngineWithObjects(objects) + pe, err := NewPolicyEngineWithObjects(objects, false) if err != nil { t.Fatalf("TestPolicyEngineWithWorkloads error: %v", err) } @@ -1806,6 +1806,9 @@ func pickContainedConn(conn *common.ConnectionSet) (resProtocol, resPort string) return string(v1.ProtocolTCP), defaultPort } for protocol, portSet := range conn.AllowedProtocols { + if portSet.IsEmpty() { // at least in some protocol, portSet will not be empty + continue + } resProtocol = string(protocol) if portSet.IsAll() { resPort = defaultPort @@ -1829,7 +1832,8 @@ func runParsedResourcesEvalTests(t *testing.T, testList []examples.ParsedResourc test := &testList[i] t.Run(test.Name, func(t *testing.T) { t.Parallel() - pe, err := NewPolicyEngineWithObjects(test.GetK8sObjects()) + // TODO - support explain (and then change the 'false' below to 'true') + pe, err := NewPolicyEngineWithObjects(test.GetK8sObjects(), false) require.Nil(t, err, test.TestInfo) for _, evalTest := range test.EvalTests { src := evalTest.Src @@ -1956,7 +1960,8 @@ func TestDirPathEvalResults(t *testing.T) { require.Empty(t, errs, "test: %q", testName) objectsList, processingErrs := parser.ResourceInfoListToK8sObjectsList(rList, logger.NewDefaultLogger(), false) require.Empty(t, processingErrs, "test: %q", testName) - pe, err := NewPolicyEngineWithObjects(objectsList) + // TODO - support explain (and then change the 'false' below to 'true') + pe, err := NewPolicyEngineWithObjects(objectsList, false) require.Nil(t, err, "test: %q", testName) var src, dst string for podStr, podObj := range pe.podsMap { diff --git a/pkg/netpol/eval/internal/k8s/adminnetpol.go b/pkg/netpol/eval/internal/k8s/adminnetpol.go index 96f6a826..721dc4ba 100644 --- a/pkg/netpol/eval/internal/k8s/adminnetpol.go +++ b/pkg/netpol/eval/internal/k8s/adminnetpol.go @@ -119,7 +119,8 @@ func ingressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyIngressPeer, s // updateConnsIfEgressRuleSelectsPeer checks if the given dst is selected by given egress rule, // if yes, updates given policyConns with the rule's connections func updateConnsIfEgressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyEgressPeer, - rulePorts *[]apisv1a.AdminNetworkPolicyPort, dst Peer, policyConns *PolicyConnections, action string, isBANPrule bool) error { + rulePorts *[]apisv1a.AdminNetworkPolicyPort, ruleName string, dst Peer, policyConns *PolicyConnections, + action string, isBANPrule bool) error { if len(rulePeers) == 0 { return errors.New(netpolerrors.ANPEgressRulePeersErr) } @@ -130,14 +131,15 @@ func updateConnsIfEgressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyEg if !peerSelected { return nil } - err = updatePolicyConns(rulePorts, policyConns, dst, action, isBANPrule) + err = updatePolicyConns(rulePorts, ruleName, policyConns, dst, action, isBANPrule, false) return err } // updateConnsIfIngressRuleSelectsPeer checks if the given src is selected by given ingress rule, // if yes, updates given policyConns with the rule's connections func updateConnsIfIngressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyIngressPeer, - rulePorts *[]apisv1a.AdminNetworkPolicyPort, src, dst Peer, policyConns *PolicyConnections, action string, isBANPrule bool) error { + rulePorts *[]apisv1a.AdminNetworkPolicyPort, ruleName string, src, dst Peer, policyConns *PolicyConnections, + action string, isBANPrule bool) error { if len(rulePeers) == 0 { return errors.New(netpolerrors.ANPIngressRulePeersErr) } @@ -148,16 +150,16 @@ func updateConnsIfIngressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyI if !peerSelected { return nil } - err = updatePolicyConns(rulePorts, policyConns, dst, action, isBANPrule) + err = updatePolicyConns(rulePorts, ruleName, policyConns, dst, action, isBANPrule, true) return err } // updatePolicyConns gets the rule connections from the rule.ports and updates the input policy connections // with the rule's conns considering the action -func updatePolicyConns(rulePorts *[]apisv1a.AdminNetworkPolicyPort, policyConns *PolicyConnections, dst Peer, - action string, isBANPrule bool) error { +func updatePolicyConns(rulePorts *[]apisv1a.AdminNetworkPolicyPort, ruleName string, policyConns *PolicyConnections, dst Peer, + action string, isBANPrule, isIngress bool) error { // get rule connections from rulePorts - ruleConns, err := ruleConnections(rulePorts, dst) + ruleConns, err := ruleConnections(rulePorts, ruleName, dst, isIngress) if err != nil { return err } @@ -167,9 +169,9 @@ func updatePolicyConns(rulePorts *[]apisv1a.AdminNetworkPolicyPort, policyConns } // ruleConnections returns the connectionSet from the current rule.Ports -func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, dst Peer) (*common.ConnectionSet, error) { - if ports == nil { - return common.MakeConnectionSet(true), nil // If Ports is not set then the rule does not filter traffic via port. +func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, ruleName string, dst Peer, isIngress bool) (*common.ConnectionSet, error) { + if ports == nil { // If Ports is not set then the rule does not filter traffic via port. + return common.MakeAllConnectionSetWithRule(ruleName, isIngress), nil } res := common.MakeConnectionSet(false) for _, anpPort := range *ports { @@ -183,7 +185,7 @@ func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, dst Peer) (*common if anpPort.PortNumber.Protocol != "" { protocol = anpPort.PortNumber.Protocol } - portSet.AddPort(intstr.FromInt32(anpPort.PortNumber.Port)) + portSet.AddPort(intstr.FromInt32(anpPort.PortNumber.Port), common.MakeImplyingRulesWithRule(ruleName, isIngress)) case anpPort.NamedPort != nil: podProtocol, podPort := dst.GetPeerPod().ConvertPodNamedPort(*anpPort.NamedPort) if podPort == common.NoPort { // pod does not have this named port in its container @@ -192,7 +194,7 @@ func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, dst Peer) (*common if podProtocol != "" { protocol = v1.Protocol(podProtocol) } - portSet.AddPort(intstr.FromInt32(podPort)) + portSet.AddPort(intstr.FromInt32(podPort), common.MakeImplyingRulesWithRule(ruleName, isIngress)) case anpPort.PortRange != nil: if anpPort.PortRange.Protocol != "" { protocol = anpPort.PortRange.Protocol @@ -200,7 +202,7 @@ func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, dst Peer) (*common if isEmptyPortRange(int64(anpPort.PortRange.Start), int64(anpPort.PortRange.End)) { continue // @todo should raise a warning } - portSet.AddPortRange(int64(anpPort.PortRange.Start), int64(anpPort.PortRange.End)) + portSet.AddPortRange(int64(anpPort.PortRange.Start), int64(anpPort.PortRange.End), true, ruleName, isIngress) } res.AddConnection(protocol, portSet) } @@ -400,13 +402,27 @@ func (anp *AdminNetworkPolicy) anpRuleErr(ruleName, description string) error { return fmt.Errorf("%s %q: %s %q: %s", anpErrTitle, anp.Name, ruleErrTitle, ruleName, description) } +func (anp *AdminNetworkPolicy) fullName() string { + return "[ANP] " + anp.Name +} + +func ruleFullName(policyName, ruleName, action string, isIngress bool) string { + xgress := egressName + if isIngress { + xgress = ingressName + } + return fmt.Sprintf("%s//%s rule %s (%s)", policyName, xgress, ruleName, action) +} + // GetIngressPolicyConns returns the connections from the ingress rules selecting the src in spec of the adminNetworkPolicy func (anp *AdminNetworkPolicy) GetIngressPolicyConns(src, dst Peer) (*PolicyConnections, error) { res := NewPolicyConnections() for _, rule := range anp.Spec.Ingress { // rule is apisv1a.AdminNetworkPolicyIngressRule rulePeers := rule.From rulePorts := rule.Ports - if err := updateConnsIfIngressRuleSelectsPeer(rulePeers, rulePorts, src, dst, res, string(rule.Action), false); err != nil { + if err := updateConnsIfIngressRuleSelectsPeer(rulePeers, rulePorts, + ruleFullName(anp.fullName(), rule.Name, string(rule.Action), true), + src, dst, res, string(rule.Action), false); err != nil { return nil, anp.anpRuleErr(rule.Name, err.Error()) } } @@ -419,7 +435,9 @@ func (anp *AdminNetworkPolicy) GetEgressPolicyConns(dst Peer) (*PolicyConnection for _, rule := range anp.Spec.Egress { // rule is apisv1a.AdminNetworkPolicyEgressRule rulePeers := rule.To rulePorts := rule.Ports - if err := updateConnsIfEgressRuleSelectsPeer(rulePeers, rulePorts, dst, res, string(rule.Action), false); err != nil { + if err := updateConnsIfEgressRuleSelectsPeer(rulePeers, rulePorts, + ruleFullName(anp.fullName(), rule.Name, string(rule.Action), false), + dst, res, string(rule.Action), false); err != nil { return nil, anp.anpRuleErr(rule.Name, err.Error()) } } diff --git a/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go b/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go index a4e99ed8..181f79f9 100644 --- a/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go +++ b/pkg/netpol/eval/internal/k8s/baseline_admin_netpol.go @@ -51,13 +51,19 @@ func banpRuleErr(ruleName, description string) error { return fmt.Errorf("%s%s %q: %s", banpErrTitle, ruleErrTitle, ruleName, description) } +func (banp *BaselineAdminNetworkPolicy) fullName() string { + return "[BANP] " + banp.Name +} + // GetEgressPolicyConns returns the connections from the egress rules selecting the dst in spec of the baselineAdminNetworkPolicy func (banp *BaselineAdminNetworkPolicy) GetEgressPolicyConns(dst Peer) (*PolicyConnections, error) { res := NewPolicyConnections() for _, rule := range banp.Spec.Egress { // rule is apisv1a.BaselineAdminNetworkPolicyEgressRule rulePeers := rule.To rulePorts := rule.Ports - if err := updateConnsIfEgressRuleSelectsPeer(rulePeers, rulePorts, dst, res, string(rule.Action), true); err != nil { + if err := updateConnsIfEgressRuleSelectsPeer(rulePeers, rulePorts, + ruleFullName(banp.fullName(), rule.Name, string(rule.Action), false), + dst, res, string(rule.Action), true); err != nil { return nil, banpRuleErr(rule.Name, err.Error()) } } @@ -70,7 +76,9 @@ func (banp *BaselineAdminNetworkPolicy) GetIngressPolicyConns(src, dst Peer) (*P for _, rule := range banp.Spec.Ingress { // rule is apisv1a.BaselineAdminNetworkPolicyIngressRule rulePeers := rule.From rulePorts := rule.Ports - if err := updateConnsIfIngressRuleSelectsPeer(rulePeers, rulePorts, src, dst, res, string(rule.Action), true); err != nil { + if err := updateConnsIfIngressRuleSelectsPeer(rulePeers, rulePorts, + ruleFullName(banp.fullName(), rule.Name, string(rule.Action), true), + src, dst, res, string(rule.Action), true); err != nil { return nil, banpRuleErr(rule.Name, err.Error()) } } diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index c2784fcd..ca715730 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -61,8 +61,10 @@ type PolicyExposureWithoutSelectors struct { // if so, also consider concurrent access (or declare not goroutine safe?) const ( - portBase = 10 - portBits = 32 + portBase = 10 + portBits = 32 + egressName = "Egress" + ingressName = "Ingress" ) func getProtocolStr(p *v1.Protocol) string { @@ -116,6 +118,13 @@ func isEmptyPortRange(start, end int64) bool { return start == common.NoPort && end == common.NoPort } +func (np *NetworkPolicy) rulePeersAndPorts(ruleIdx int, isIngress bool) ([]netv1.NetworkPolicyPeer, []netv1.NetworkPolicyPort) { + if isIngress { + return np.Spec.Ingress[ruleIdx].From, np.Spec.Ingress[ruleIdx].Ports + } + return np.Spec.Egress[ruleIdx].To, np.Spec.Egress[ruleIdx].Ports +} + // doesRulePortContain gets protocol and port numbers of a rule and other protocol and port; // returns if other is contained in the rule's port func doesRulePortContain(ruleProtocol, otherProtocol string, ruleStartPort, ruleEndPort, otherPort int64) bool { @@ -131,12 +140,15 @@ func doesRulePortContain(ruleProtocol, otherProtocol string, ruleStartPort, rule return false } -func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, dst Peer) (*common.ConnectionSet, error) { +func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, dst Peer, + ruleIdx int, isIngress bool) (*common.ConnectionSet, error) { if len(rulePorts) == 0 { - return common.MakeConnectionSet(true), nil // If this field is empty or missing, this rule matches all ports + // If this field is empty or missing, this rule matches all ports // (traffic not restricted by port) + return common.MakeAllConnectionSetWithRule(np.ruleName(ruleIdx, isIngress), isIngress), nil } res := common.MakeConnectionSet(false) + ruleName := np.ruleName(ruleIdx, isIngress) for i := range rulePorts { protocol := v1.ProtocolTCP if rulePorts[i].Protocol != nil { @@ -166,10 +178,10 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds // 4- in order to get a connection from any pod to an ip dst (will not get here, as named ports are not defined for ip-blocks) // adding portName string to the portSet - ports.AddPort(intstr.FromString(portName)) + ports.AddPort(intstr.FromString(portName), common.MakeImplyingRulesWithRule(ruleName, isIngress)) } if !isEmptyPortRange(startPort, endPort) { - ports.AddPortRange(startPort, endPort) + ports.AddPortRange(startPort, endPort, true, ruleName, isIngress) } } res.AddConnection(protocol, ports) @@ -355,54 +367,58 @@ func (np *NetworkPolicy) EgressAllowedConn(dst Peer, protocol, port string) (boo return false, nil } -// GetEgressAllowedConns returns the set of allowed connections from any captured pod to the destination peer -func (np *NetworkPolicy) GetEgressAllowedConns(dst Peer) (*common.ConnectionSet, error) { - res := common.MakeConnectionSet(false) - for _, rule := range np.Spec.Egress { - rulePeers := rule.To - rulePorts := rule.Ports - peerSelected, err := np.ruleSelectsPeer(rulePeers, dst) - if err != nil { - return res, err - } - if !peerSelected { - continue - } - ruleConns, err := np.ruleConnections(rulePorts, dst) - if err != nil { - return res, err - } - res.Union(ruleConns) - if res.AllowAll { - return res, nil - } +const ( + NoXgressRulesExpl = "(no %s rules defined)" + CapturedButNotSelectedExpl = "(captured but not selected by any %s rule)" +) + +func (np *NetworkPolicy) nameWithDirectionAndExpl(isIngress bool, expl string) string { + xgress := "Egress" + if isIngress { + xgress = "Ingress" } - return res, nil + return fmt.Sprintf("%s//%s "+expl, np.fullName(), xgress, xgress) } -// GetIngressAllowedConns returns the set of allowed connections to a captured dst pod from the src peer -func (np *NetworkPolicy) GetIngressAllowedConns(src, dst Peer) (*common.ConnectionSet, error) { +// GetXgressAllowedConns returns the set of allowed connections to a captured dst pod from the src peer (for Ingress) +// or from any captured pod to the dst peer (for Egress) +func (np *NetworkPolicy) GetXgressAllowedConns(src, dst Peer, isIngress bool) (*common.ConnectionSet, error) { res := common.MakeConnectionSet(false) - for _, rule := range np.Spec.Ingress { - rulePeers := rule.From - rulePorts := rule.Ports - peerSelected, err := np.ruleSelectsPeer(rulePeers, src) + if (isIngress && len(np.Spec.Ingress) == 0) || (!isIngress && len(np.Spec.Egress) == 0) { + res.AddCommonImplyingRule(np.nameWithDirectionAndExpl(isIngress, NoXgressRulesExpl), isIngress) + return res, nil + } + peerSelectedByAnyRule := false + numOfRules := len(np.Spec.Egress) + if isIngress { + numOfRules = len(np.Spec.Ingress) + } + for idx := 0; idx < numOfRules; idx++ { + rulePeers, rulePorts := np.rulePeersAndPorts(idx, isIngress) + peerToSelect := dst + if isIngress { + peerToSelect = src + } + peerSelected, err := np.ruleSelectsPeer(rulePeers, peerToSelect) if err != nil { return res, err } if !peerSelected { continue } - - ruleConns, err := np.ruleConnections(rulePorts, dst) + peerSelectedByAnyRule = true + ruleConns, err := np.ruleConnections(rulePorts, dst, idx, isIngress) if err != nil { return res, err } - res.Union(ruleConns) + res.Union(ruleConns, false) if res.AllowAll { return res, nil } } + if !peerSelectedByAnyRule { + res.AddCommonImplyingRule(np.nameWithDirectionAndExpl(isIngress, CapturedButNotSelectedExpl), isIngress) + } return res, nil } @@ -510,7 +526,15 @@ func (np *NetworkPolicy) Selects(p *Pod, direction netv1.PolicyType) (bool, erro } func (np *NetworkPolicy) fullName() string { - return types.NamespacedName{Name: np.Name, Namespace: np.Namespace}.String() + return "[NP] " + types.NamespacedName{Name: np.Name, Namespace: np.Namespace}.String() +} + +func (np *NetworkPolicy) ruleName(ruleIdx int, isIngress bool) string { + xgress := egressName + if isIngress { + xgress = ingressName + } + return fmt.Sprintf("%s//%s rule #%d", np.fullName(), xgress, ruleIdx+1) } // ///////////////////////////////////////////////////////////////////////////////////////////// @@ -548,10 +572,10 @@ func (np *NetworkPolicy) GetPolicyRulesSelectorsAndUpdateExposureClusterWideConn // scanIngressRules handles policy's ingress rules (for updating policy's wide conns/ returning specific rules' selectors) func (np *NetworkPolicy) scanIngressRules() ([]SingleRuleSelectors, error) { rulesSelectors := []SingleRuleSelectors{} - for _, rule := range np.Spec.Ingress { + for idx, rule := range np.Spec.Ingress { rulePeers := rule.From rulePorts := rule.Ports - selectors, err := np.getSelectorsAndUpdateExposureClusterWideConns(rulePeers, rulePorts, true) + selectors, err := np.getSelectorsAndUpdateExposureClusterWideConns(rulePeers, rulePorts, idx, true) if err != nil { return nil, err } @@ -563,10 +587,10 @@ func (np *NetworkPolicy) scanIngressRules() ([]SingleRuleSelectors, error) { // scanEgressRules handles policy's egress rules (for updating policy's wide conns/ returning specific rules' selectors) func (np *NetworkPolicy) scanEgressRules() ([]SingleRuleSelectors, error) { rulesSelectors := []SingleRuleSelectors{} - for _, rule := range np.Spec.Egress { + for idx, rule := range np.Spec.Egress { rulePeers := rule.To rulePorts := rule.Ports - selectors, err := np.getSelectorsAndUpdateExposureClusterWideConns(rulePeers, rulePorts, false) + selectors, err := np.getSelectorsAndUpdateExposureClusterWideConns(rulePeers, rulePorts, idx, false) if err != nil { return nil, err } @@ -584,9 +608,9 @@ func (np *NetworkPolicy) scanEgressRules() ([]SingleRuleSelectors, error) { // - if a rule contains at least one defined selector : appends the rule selectors to a selector list which will be returned. // this func assumes rules are legal (rules correctness check occurs later) func (np *NetworkPolicy) getSelectorsAndUpdateExposureClusterWideConns(rules []netv1.NetworkPolicyPeer, rulePorts []netv1.NetworkPolicyPort, - isIngress bool) (rulesSelectors []SingleRuleSelectors, err error) { + ruleIdx int, isIngress bool) (rulesSelectors []SingleRuleSelectors, err error) { if len(rules) == 0 { - err = np.updateNetworkPolicyExposureClusterWideConns(true, true, rulePorts, isIngress) + err = np.updateNetworkPolicyExposureClusterWideConns(true, true, rulePorts, ruleIdx, isIngress) return nil, err } for i := range rules { @@ -601,7 +625,7 @@ func (np *NetworkPolicy) getSelectorsAndUpdateExposureClusterWideConns(rules []n // if podSelector is not nil but namespaceSelector is nil, this is the netpol's namespace if rules[i].NamespaceSelector != nil && rules[i].NamespaceSelector.Size() == 0 && (rules[i].PodSelector == nil || rules[i].PodSelector.Size() == 0) { - err = np.updateNetworkPolicyExposureClusterWideConns(false, true, rulePorts, isIngress) + err = np.updateNetworkPolicyExposureClusterWideConns(false, true, rulePorts, ruleIdx, isIngress) return nil, err } // else selectors' combination specifies workloads by labels (at least one is not nil and not empty) @@ -614,23 +638,23 @@ func (np *NetworkPolicy) getSelectorsAndUpdateExposureClusterWideConns(rules []n // updateNetworkPolicyExposureClusterWideConns updates the cluster-wide exposure connections of the policy func (np *NetworkPolicy) updateNetworkPolicyExposureClusterWideConns(externalExposure, entireCluster bool, - rulePorts []netv1.NetworkPolicyPort, isIngress bool) error { - ruleConns, err := np.ruleConnections(rulePorts, nil) + rulePorts []netv1.NetworkPolicyPort, ruleIdx int, isIngress bool) error { + ruleConns, err := np.ruleConnections(rulePorts, nil, ruleIdx, isIngress) if err != nil { return err } if externalExposure { if isIngress { - np.IngressPolicyExposure.ExternalExposure.Union(ruleConns) + np.IngressPolicyExposure.ExternalExposure.Union(ruleConns, false) } else { - np.EgressPolicyExposure.ExternalExposure.Union(ruleConns) + np.EgressPolicyExposure.ExternalExposure.Union(ruleConns, false) } } if entireCluster { if isIngress { - np.IngressPolicyExposure.ClusterWideExposure.Union(ruleConns) + np.IngressPolicyExposure.ClusterWideExposure.Union(ruleConns, false) } else { - np.EgressPolicyExposure.ClusterWideExposure.Union(ruleConns) + np.EgressPolicyExposure.ClusterWideExposure.Union(ruleConns, false) } } return nil diff --git a/pkg/netpol/eval/internal/k8s/netpol_test.go b/pkg/netpol/eval/internal/k8s/netpol_test.go index e36c0671..333c7822 100644 --- a/pkg/netpol/eval/internal/k8s/netpol_test.go +++ b/pkg/netpol/eval/internal/k8s/netpol_test.go @@ -11,6 +11,7 @@ import ( v1 "k8s.io/api/core/v1" netv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" ) @@ -93,8 +94,17 @@ func TestNetworkPolicyPortAnalysis(t *testing.T) { Protocol: &UDP, Port: &PortHello, } - n := &NetworkPolicy{} - res, err := n.ruleConnections([]netv1.NetworkPolicyPort{AllowNamedPortOnProtocol}, &dst) + n := &NetworkPolicy{ + &netv1.NetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-name", + Namespace: "test-namespace", + }, + }, + PolicyExposureWithoutSelectors{}, + PolicyExposureWithoutSelectors{}, + } + res, err := n.ruleConnections([]netv1.NetworkPolicyPort{AllowNamedPortOnProtocol}, &dst, 0, false) expectedConnStr := "UDP 22" if res.String() != expectedConnStr { t.Fatalf("mismatch on ruleConnections result: expected %v, got %v", expectedConnStr, res.String()) diff --git a/pkg/netpol/eval/internal/k8s/pod.go b/pkg/netpol/eval/internal/k8s/pod.go index d84d93e0..f02ea3ac 100644 --- a/pkg/netpol/eval/internal/k8s/pod.go +++ b/pkg/netpol/eval/internal/k8s/pod.go @@ -270,7 +270,7 @@ func (pod *Pod) PodExposedTCPConnections() *common.ConnectionSet { protocol := corev1.ProtocolTCP if cPort.Protocol == "" || protocol == corev1.ProtocolTCP { ports := common.MakePortSet(false) - ports.AddPortRange(int64(cPort.ContainerPort), int64(cPort.ContainerPort)) + ports.AddPortRange(int64(cPort.ContainerPort), int64(cPort.ContainerPort), true, "", true) res.AddConnection(protocol, ports) } } @@ -300,12 +300,12 @@ func (pod *Pod) UpdatePodXgressExposureToEntireClusterData(ruleConns *common.Con // matching port number convertedConns := pod.checkAndConvertNamedPortsInConnection(ruleConns) if convertedConns != nil { - pod.IngressExposureData.ClusterWideConnection.Union(convertedConns) + pod.IngressExposureData.ClusterWideConnection.Union(convertedConns, false) } else { - pod.IngressExposureData.ClusterWideConnection.Union(ruleConns) + pod.IngressExposureData.ClusterWideConnection.Union(ruleConns, false) } } else { - pod.EgressExposureData.ClusterWideConnection.Union(ruleConns) + pod.EgressExposureData.ClusterWideConnection.Union(ruleConns, false) } } @@ -319,10 +319,10 @@ func (pod *Pod) checkAndConvertNamedPortsInConnection(conns *common.ConnectionSe connsCopy := conns.Copy() // copying the connectionSet; in order to replace // the named ports with pod's port numbers if possible for protocol, namedPorts := range connNamedPorts { - for _, namedPort := range namedPorts { + for namedPort, implyingRules := range namedPorts { podProtocol, portNum := pod.ConvertPodNamedPort(namedPort) if podProtocol == string(protocol) && portNum != common.NoPort { // matching port and protocol - connsCopy.ReplaceNamedPortWithMatchingPortNum(protocol, namedPort, portNum) + connsCopy.ReplaceNamedPortWithMatchingPortNum(protocol, namedPort, portNum, implyingRules) } } } diff --git a/pkg/netpol/eval/internal/k8s/policy_connections.go b/pkg/netpol/eval/internal/k8s/policy_connections.go index ca7b74b3..dd4e4c6d 100644 --- a/pkg/netpol/eval/internal/k8s/policy_connections.go +++ b/pkg/netpol/eval/internal/k8s/policy_connections.go @@ -49,18 +49,18 @@ func (pc *PolicyConnections) UpdateWithRuleConns(ruleConns *common.ConnectionSet case string(apisv1a.AdminNetworkPolicyRuleActionAllow): ruleConns.Subtract(pc.DeniedConns) ruleConns.Subtract(pc.PassConns) - pc.AllowedConns.Union(ruleConns) + pc.AllowedConns.Union(ruleConns, false) case string(apisv1a.AdminNetworkPolicyRuleActionDeny): ruleConns.Subtract(pc.AllowedConns) ruleConns.Subtract(pc.PassConns) - pc.DeniedConns.Union(ruleConns) + pc.DeniedConns.Union(ruleConns, false) case string(apisv1a.AdminNetworkPolicyRuleActionPass): if banpRules { return fmt.Errorf(netpolerrors.UnknownRuleActionErr) } ruleConns.Subtract(pc.AllowedConns) ruleConns.Subtract(pc.DeniedConns) - pc.PassConns.Union(ruleConns) + pc.PassConns.Union(ruleConns, false) default: return fmt.Errorf(netpolerrors.UnknownRuleActionErr) } @@ -79,9 +79,16 @@ func (pc *PolicyConnections) CollectANPConns(newAdminPolicyConns *PolicyConnecti newAdminPolicyConns.PassConns.Subtract(pc.DeniedConns) newAdminPolicyConns.PassConns.Subtract(pc.AllowedConns) // add the new conns from current policy to the connections from the policies with higher precedence - pc.DeniedConns.Union(newAdminPolicyConns.DeniedConns) - pc.AllowedConns.Union(newAdminPolicyConns.AllowedConns) - pc.PassConns.Union(newAdminPolicyConns.PassConns) + pc.DeniedConns.Union(newAdminPolicyConns.DeniedConns, false) + pc.AllowedConns.Union(newAdminPolicyConns.AllowedConns, false) + pc.PassConns.Union(newAdminPolicyConns.PassConns, false) +} + +// ComplementPassConns complements pass connections to all connections (by adding the absent conections) +func (pc *PolicyConnections) ComplementPassConns() { + defaultPassConn := NewPolicyConnections() + defaultPassConn.PassConns = common.MakeConnectionSet(true) + pc.CollectANPConns(defaultPassConn) } // CollectAllowedConnsFromNetpols updates allowed conns of current PolicyConnections object with allowed connections from @@ -92,14 +99,21 @@ func (pc *PolicyConnections) CollectANPConns(newAdminPolicyConns *PolicyConnecti // and any connection that is not allowed by the netpols is denied. // 2. pass connections in current PolicyConnections object will be determined by the input PolicyConnections parameter. func (pc *PolicyConnections) CollectAllowedConnsFromNetpols(npConns *PolicyConnections) { + // This intersection with PassConn does not have effect the resulting connectios, + // but it updates implying rules, representing the effect of PassConn as well + // We start from PassConn, and intersect it with npConns.AllowedConns, + // because the order of intersection impacts the order of implying rules. + newConn := pc.PassConns.Copy() + newConn.Intersection(npConns.AllowedConns) // collect implying rules from pc.PassConns and npConns.AllowedConns // subtract the denied conns (which are non-overridden) from input conns - npConns.AllowedConns.Subtract(pc.DeniedConns) + newConn.Subtract(pc.DeniedConns) // PASS conns are determined by npConns // currently, npConns.AllowedConns contains: // 1. traffic that was passed by ANPs (if there are such conns) // 2. traffic that had no match in ANPs // so we can update current allowed conns with them - pc.AllowedConns.Union(npConns.AllowedConns) + // 'false' below: we don't add implying rules from NPs if the connections were defined by ANPs + pc.AllowedConns.Union(newConn, false) // now pc.AllowedConns contains all allowed conns by the ANPs and NPs // the content of pc.Denied and pc.Pass is not relevant anymore; // all the connections that are not allowed by the ANPs and NPs are denied. @@ -116,14 +130,22 @@ func (pc *PolicyConnections) CollectAllowedConnsFromNetpols(npConns *PolicyConne // is allowed by default func (pc *PolicyConnections) CollectConnsFromBANP(banpConns *PolicyConnections) { // allowed and denied conns of current pc are non-overridden - banpConns.DeniedConns.Subtract(pc.AllowedConns) - pc.DeniedConns.Union(banpConns.DeniedConns) - // now Pass conns which are denied by BANP were handled automatically; - // Pass Conns which are allowed or not captured by BANP, will be handled now with all other conns. - // pc.PassConns is not relevant anymore. + + // This Union with PassConn does not have effect on the resulting connectios, + // but it updates implying rules, representing the effect of PassConn as well + // We start from PassConn, and union banpConns.DeniedConns with it, + // because the order of Union impacts the order of implying rules. + newDenied := pc.PassConns.Copy() + newDenied.Intersection(banpConns.DeniedConns) // collect implying rules from pc.PassConns and banpConns.DeniedConns + newDenied.Subtract(pc.AllowedConns) + pc.DeniedConns.Union(newDenied, true) // 'true' because denied conns are defined by rules from both sides // the allowed conns are "all conns - the denied conns" - // since all conns that are not determined by the ANP and BANP are allowed by default - pc.AllowedConns = common.MakeConnectionSet(true) + // all conns that are not determined by the ANP and BANP are allowed by default, + // and are kept in banpConns.AllowedConns (were returned by getXgressDefaultConns) + newAllowed := pc.PassConns.Copy() + newAllowed.Intersection(banpConns.AllowedConns) // collect implying rules from pc.PassConns and banpConns.AllowedConns + pc.AllowedConns.Union(newAllowed, false) // 'false' because allowed conns may be already defined by pc.AllowedConns + pc.AllowedConns.Subtract(pc.DeniedConns) } @@ -136,6 +158,6 @@ func (pc *PolicyConnections) IsEmpty() bool { // selects all the connections func (pc *PolicyConnections) DeterminesAllConns() bool { selectedConns := pc.AllowedConns.Copy() - selectedConns.Union(pc.DeniedConns) + selectedConns.Union(pc.DeniedConns, false) return selectedConns.IsAllConnections() } diff --git a/pkg/netpol/eval/resources.go b/pkg/netpol/eval/resources.go index d2b46e95..f8d2ad2d 100644 --- a/pkg/netpol/eval/resources.go +++ b/pkg/netpol/eval/resources.go @@ -22,7 +22,6 @@ import ( apisv1a "sigs.k8s.io/network-policy-api/apis/v1alpha1" "github.com/np-guard/models/pkg/netset" - "github.com/np-guard/netpol-analyzer/pkg/internal/netpolerrors" "github.com/np-guard/netpol-analyzer/pkg/manifests/parser" "github.com/np-guard/netpol-analyzer/pkg/netpol/eval/internal/k8s" @@ -44,6 +43,7 @@ type ( baselineAdminNetpol *k8s.BaselineAdminNetworkPolicy // pointer to BaselineAdminNetworkPolicy which is a cluster singleton object cache *evalCache exposureAnalysisFlag bool + explain bool representativePeersMap map[string]*k8s.WorkloadPeer // map from unique labels string to representative peer object, // used only with exposure analysis (representative peer object is a workloadPeer with kind == "RepresentativePeer") } @@ -68,23 +68,26 @@ func NewPolicyEngine() *PolicyEngine { adminNetpolsMap: make(map[string]bool), cache: newEvalCache(), exposureAnalysisFlag: false, + explain: false, } } -func NewPolicyEngineWithObjects(objects []parser.K8sObject) (*PolicyEngine, error) { +func NewPolicyEngineWithObjects(objects []parser.K8sObject, explain bool) (*PolicyEngine, error) { pe := NewPolicyEngine() + pe.explain = explain err := pe.addObjectsByKind(objects) return pe, err } // NewPolicyEngineWithOptions returns a new policy engine with an empty state but updating the exposure analysis flag // TBD: currently exposure-analysis is the only option supported by policy-engine, so no need for options list param -func NewPolicyEngineWithOptions(exposureFlag bool) *PolicyEngine { +func NewPolicyEngineWithOptions(exposureFlag, explain bool) *PolicyEngine { pe := NewPolicyEngine() pe.exposureAnalysisFlag = exposureFlag if exposureFlag { pe.representativePeersMap = make(map[string]*k8s.WorkloadPeer) } + pe.explain = explain return pe } diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go new file mode 100644 index 00000000..a98c097f --- /dev/null +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -0,0 +1,721 @@ +/* +Copyright 2023- IBM Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package common + +import ( + "fmt" + "log" + "slices" + "sort" + "strings" + + "github.com/np-guard/models/pkg/interval" +) + +type ExplResultType int + +const ( + NoResult ExplResultType = iota + AllowResult + DenyResult +) + +type ImplyingXgressRulesType struct { + Rules map[string]int + // Result will keep the final connectivity decision which follows from the above rules + // (allow, deny or not set) + // It is used for specifying explainability decision per direction (Egress/Ingress) + Result ExplResultType +} + +type ImplyingRulesType struct { + Ingress ImplyingXgressRulesType // an ordered set of ingress rules, used for explainability + Egress ImplyingXgressRulesType // an ordered set of egress rules, used for explainability +} + +func InitImplyingXgressRules() ImplyingXgressRulesType { + return ImplyingXgressRulesType{Rules: map[string]int{}, Result: NoResult} +} + +func MakeImplyingXgressRulesWithRule(rule string) ImplyingXgressRulesType { + res := InitImplyingXgressRules() + res.AddXgressRule(rule) + return res +} + +func InitImplyingRules() ImplyingRulesType { + return ImplyingRulesType{Ingress: InitImplyingXgressRules(), Egress: InitImplyingXgressRules()} +} + +func MakeImplyingRulesWithRule(rule string, isIngress bool) ImplyingRulesType { + res := InitImplyingRules() + if isIngress { + res.Ingress = MakeImplyingXgressRulesWithRule(rule) + } else { + res.Egress = MakeImplyingXgressRulesWithRule(rule) + } + return res +} + +func (rules *ImplyingXgressRulesType) Copy() ImplyingXgressRulesType { + if rules == nil { + return InitImplyingXgressRules() + } + res := ImplyingXgressRulesType{Rules: map[string]int{}, Result: rules.Result} + for k, v := range rules.Rules { + res.Rules[k] = v + } + return res +} + +func (rules *ImplyingRulesType) Copy() ImplyingRulesType { + res := InitImplyingRules() + res.Ingress = rules.Ingress.Copy() + res.Egress = rules.Egress.Copy() + return res +} + +const ( + ExplWithRulesTitle = "due to the following policies//rules:" + IngressDirectionTitle = "\tINGRESS DIRECTION" + EgressDirectionTitle = "\tEGRESS DIRECTION" + NewLine = "\n" + SpaceSeparator = " " + ExplAllowAll = "(Allow all)" + SystemDefaultRule = "the system default " + ExplAllowAll + ExplSystemDefault = "due to " + SystemDefaultRule + PodToItselfRule = "pod to itself " + ExplAllowAll + allowResultStr = "ALLOWED" + denyResultStr = "DENIED" +) + +func (rules *ImplyingXgressRulesType) onlySystemDefaultRule() bool { + if _, ok := rules.Rules[SystemDefaultRule]; ok { + return len(rules.Rules) == 1 + } + return false +} + +func formattedExpl(expl string) string { + return "(" + expl + ")" +} + +func (rules *ImplyingXgressRulesType) resultString() string { + switch rules.Result { + case AllowResult: + return formattedExpl(allowResultStr) + case DenyResult: + return formattedExpl(denyResultStr) + default: + return "" + } +} + +func (rules *ImplyingXgressRulesType) String() string { + if rules.Empty() { + return rules.resultString() + } + // print the rules according to their order + formattedRules := make([]string, 0, len(rules.Rules)) + for name, order := range rules.Rules { + formattedRules = append(formattedRules, fmt.Sprintf("\t\t%d) %s", order+1, name)) + } + sort.Strings(formattedRules) // the rule index begins the string, like "2)" + return rules.resultString() + NewLine + strings.Join(formattedRules, NewLine) +} + +func (rules *ImplyingRulesType) OnlySystemDefaultRule() bool { + return rules.Ingress.onlySystemDefaultRule() && rules.Egress.onlySystemDefaultRule() +} + +func (rules ImplyingRulesType) String() string { + if rules.OnlySystemDefaultRule() { + return SpaceSeparator + SystemDefaultRule + NewLine + } + res := "" + if !rules.Egress.Empty() { + res += EgressDirectionTitle + if rules.Egress.onlySystemDefaultRule() { + res += SpaceSeparator + rules.Egress.resultString() + SpaceSeparator + ExplSystemDefault + NewLine + } else { + res += SpaceSeparator + rules.Egress.String() + NewLine + } + } + if !rules.Ingress.Empty() { + res += IngressDirectionTitle + if rules.Ingress.onlySystemDefaultRule() { + res += SpaceSeparator + rules.Ingress.resultString() + SpaceSeparator + ExplSystemDefault + NewLine + } else { + res += SpaceSeparator + rules.Ingress.String() + NewLine + } + } + if res == "" { + return NewLine + } + return SpaceSeparator + ExplWithRulesTitle + NewLine + res +} + +func (rules *ImplyingXgressRulesType) Empty() bool { + return len(rules.Rules) == 0 +} + +func (rules ImplyingRulesType) Empty(isIngress bool) bool { + if isIngress { + return rules.Ingress.Empty() + } + return rules.Egress.Empty() +} + +func (rules *ImplyingXgressRulesType) AddXgressRule(ruleName string) { + if ruleName != "" { + if _, ok := rules.Rules[ruleName]; !ok { + rules.Rules[ruleName] = len(rules.Rules) // a new rule should be the last + } + } +} + +func (rules *ImplyingRulesType) AddRule(ruleName string, isIngress bool) { + if isIngress { + rules.Ingress.AddXgressRule(ruleName) + } else { + rules.Egress.AddXgressRule(ruleName) + } +} + +func (rules *ImplyingXgressRulesType) SetXgressResult(isAllowed bool) { + if rules.Result != NoResult { + log.Panic(errConflictingExplResult) + } + if isAllowed { + rules.Result = AllowResult + } else { + rules.Result = DenyResult + } +} + +func (rules *ImplyingRulesType) SetResult(isAllowed, isIngress bool) { + if isIngress { + rules.Ingress.SetXgressResult(isAllowed) + } else { + rules.Egress.SetXgressResult(isAllowed) + } +} + +func (rules *ImplyingXgressRulesType) Union(other ImplyingXgressRulesType, collectRules bool) { + if !collectRules { + if rules.Empty() { + *rules = other.Copy() + } + return + } + + // first, count how many rules are common in both sets + common := 0 + for name := range other.Rules { + if _, ok := rules.Rules[name]; ok { + common += 1 + } + } + offset := len(rules.Rules) - common + for name, order := range other.Rules { + if _, ok := rules.Rules[name]; !ok { // for the common rules, keep their original order in the current rules + rules.Rules[name] = order + offset // other rules should be addded after the current rules + } + } + // update Result if set + if other.Result != NoResult { + rules.SetXgressResult(other.Result == AllowResult) + } +} + +func (rules *ImplyingXgressRulesType) mayBeUpdatedBy(other ImplyingXgressRulesType, collectRules bool) bool { + if !collectRules { + return rules.Empty() && !other.Empty() + } + for name := range other.Rules { + if _, ok := rules.Rules[name]; !ok { + return true + } + } + return false +} + +func (rules *ImplyingRulesType) Union(other ImplyingRulesType, collectRules bool) { + rules.Ingress.Union(other.Ingress, collectRules) + rules.Egress.Union(other.Egress, collectRules) +} + +func (rules ImplyingRulesType) mayBeUpdatedBy(other ImplyingRulesType, collectRules bool) bool { + return rules.Ingress.mayBeUpdatedBy(other.Ingress, collectRules) || rules.Egress.mayBeUpdatedBy(other.Egress, collectRules) +} + +const ( + NoIndex = -1 +) + +type AugmentedInterval struct { + interval interval.Interval + inSet bool + implyingRules ImplyingRulesType +} + +func NewAugmentedInterval(start, end int64, inSet bool) AugmentedInterval { + return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: InitImplyingRules()} +} + +func NewAugmentedIntervalWithRule(start, end int64, inSet bool, rule string, isIngress bool) AugmentedInterval { + return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: MakeImplyingRulesWithRule(rule, isIngress)} +} + +func NewAugmentedIntervalWithRules(start, end int64, inSet bool, rules ImplyingRulesType) AugmentedInterval { + return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: rules.Copy()} +} + +// AugmentedCanonicalSet is a set of int64 integers, implemented using an ordered slice of non-overlapping, non-touching intervals. +// The intervals should include both included intervals and holes; +// i.e., start of every interval is the end of a previous interval incremented by 1. +// An AugmentedCanonicalSet is created with an interval/hole covering the whole range for this kind of set. +// The assumption is that further operations on a set will never extend this initial range, +// i.e., the MinValue() and MaxValue() functions will always return the same results. +type AugmentedCanonicalSet struct { + intervalSet []AugmentedInterval +} + +func NewAugmentedCanonicalSet(minValue, maxValue int64, isAll bool) *AugmentedCanonicalSet { + return &AugmentedCanonicalSet{ + intervalSet: []AugmentedInterval{ + NewAugmentedInterval(minValue, maxValue, isAll), // the full range interval (isAll==true) or 'hole' (isAll==false) + }, + } +} + +func NewAugmentedCanonicalSetWithRules(minValue, maxValue int64, isAll bool, rules ImplyingRulesType) *AugmentedCanonicalSet { + return &AugmentedCanonicalSet{ + intervalSet: []AugmentedInterval{ + NewAugmentedIntervalWithRules(minValue, maxValue, isAll, rules), // the full range interval (isAll==true) or 'hole' (isAll==false) + }, + } +} + +func (c *AugmentedCanonicalSet) Intervals() []AugmentedInterval { + return slices.Clone(c.intervalSet) +} + +func (c *AugmentedCanonicalSet) NumIntervals() int { + return len(c.intervalSet) +} + +const ( + errMinFromEmptySet = "cannot take min from empty interval set" + errOutOfRangeInterval = "cannot add interval which is out of scope of AugmentedCanonicalSet" + errConflictingExplResult = "cannot override explanation result that has been already set" +) + +func (c *AugmentedCanonicalSet) MinValue() int64 { + if len(c.intervalSet) == 0 { + log.Panic(errMinFromEmptySet) + } + return c.intervalSet[0].interval.Start() +} + +func (c *AugmentedCanonicalSet) MaxValue() int64 { + size := len(c.intervalSet) + if size == 0 { + log.Panic(errMinFromEmptySet) + } + return c.intervalSet[size-1].interval.End() +} + +func (c *AugmentedCanonicalSet) Min() int64 { + if len(c.intervalSet) == 0 { + log.Panic(errMinFromEmptySet) + } + for _, interval := range c.intervalSet { + if interval.inSet { + return interval.interval.Start() + } + } + log.Panic(errMinFromEmptySet) + return 0 // making linter happy +} + +// IsEmpty returns true if the AugmentedCanonicalSet is semantically empty (i.e., no 'inSet' intervals, but may possibly include holes) +func (c *AugmentedCanonicalSet) IsEmpty() bool { + for _, interval := range c.intervalSet { + if interval.inSet { + return false + } + } + return true +} + +// Unfilled returns true if the AugmentedCanonicalSet is syntactically empty (i.e., none of intervals or holes in the interval set) +func (c *AugmentedCanonicalSet) IsUnfilled() bool { + return len(c.intervalSet) == 0 +} + +func (c *AugmentedCanonicalSet) CalculateSize() int64 { + var res int64 = 0 + for _, r := range c.intervalSet { + if r.inSet { + res += r.interval.Size() + } + } + return res +} + +// func (c *AugmentedCanonicalSet) isConsistent() bool { +// lastInd := len(c.intervalSet) - 1 +// if lastInd < 0 { +// return true // the set is empty +// } +// lastInterval := c.intervalSet[lastInd] +// if lastInterval.inSet || lastInterval.interval.Start() < 0 || lastInterval.interval.End() != MaxValue { +// return false +// } +// return true +// } + +// nextIncludedInterval finds an interval included in set (not hole), starting from fromInd. +// if there are a few continuous in set intervals, it will return the union of all of them. +// it returns the found (potentially extended) interval, and the biggest index contributing to the result +func (c *AugmentedCanonicalSet) nextIncludedInterval(fromInd int) (res interval.Interval, index int) { + start := fromInd + for start < len(c.intervalSet) && !c.intervalSet[start].inSet { + start++ + } + if start >= len(c.intervalSet) { + return interval.New(0, -1), NoIndex + } + end := start + for end < len(c.intervalSet) && c.intervalSet[end].inSet { + end++ + } + return interval.New(c.intervalSet[start].interval.Start(), c.intervalSet[end-1].interval.End()), end - 1 +} + +// Equal returns true if the AugmentedCanonicalSet semantically equals the other AugmentedCanonicalSet; +// only numeric intervals are compared; the implying rules are not compared. +func (c *AugmentedCanonicalSet) Equal(other *AugmentedCanonicalSet) bool { + if c == other { + return true + } + currThisInd := 0 + currOtherInd := 0 + + for currThisInd != NoIndex { + thisInterval, thisInd := c.nextIncludedInterval(currThisInd) + otherInterval, otherInd := other.nextIncludedInterval(currOtherInd) + if (thisInd == NoIndex) != (otherInd == NoIndex) { + return false + } + if thisInd == NoIndex { + break + } + if !(thisInterval.Equal(otherInterval)) { + return false + } + currThisInd = thisInd + 1 + currOtherInd = otherInd + 1 + } + return true +} + +// AddAugmentedInterval adds a new interval/hole to the set, +// and updates the implying rules accordingly +// +//gocyclo:ignore +func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collectRules bool) { + if v.interval.Start() < c.MinValue() || v.interval.End() > c.MaxValue() { + log.Panic(errOutOfRangeInterval) + } + if v.interval.IsEmpty() { + return + } + set := c.intervalSet + left := sort.Search(len(set), func(i int) bool { + return set[i].interval.End() >= v.interval.Start() + }) + right := sort.Search(len(set), func(j int) bool { + return set[j].interval.End() >= v.interval.End() + }) + var result []AugmentedInterval + // copy left-end intervals not impacted by v + result = append(result, slices.Clone(set[0:left])...) + + // handle the left-hand side of the intersection of v with set + if v.interval.Start() > set[left].interval.Start() && + (set[left].inSet != v.inSet || set[left].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRules)) { + // split set[left] into two intervals, while the implying rules of the second interval should get the new value (from v) + new1 := AugmentedInterval{interval: interval.New(set[left].interval.Start(), v.interval.Start()-1), + inSet: set[left].inSet, implyingRules: set[left].implyingRules.Copy()} + var newImplyingRules ImplyingRulesType + if set[left].inSet == v.inSet { + newImplyingRules = set[left].implyingRules.Copy() + newImplyingRules.Union(v.implyingRules, collectRules) + } else { + newImplyingRules = v.implyingRules.Copy() + } + new2 := AugmentedInterval{interval: interval.New(v.interval.Start(), min(set[left].interval.End(), v.interval.End())), + inSet: v.inSet, implyingRules: newImplyingRules} + result = append(result, new1, new2) + left++ + } + for ind := left; ind <= right; ind++ { + if ind == right && v.interval.End() < set[right].interval.End() && + (set[right].inSet != v.inSet || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRules)) { + break // this is the corner case handled following the loop below + } + var newImplyingRules ImplyingRulesType + if set[ind].inSet == v.inSet { + // this interval is not impacted by v; + // however, its implying rules may be updated by those of v. + newImplyingRules = set[ind].implyingRules.Copy() + newImplyingRules.Union(v.implyingRules, collectRules) + } else { + newImplyingRules = v.implyingRules.Copy() + } + result = append(result, AugmentedInterval{interval: set[ind].interval, inSet: v.inSet, implyingRules: newImplyingRules}) + } + // handle the right-hand side of the intersection of v with set + if v.interval.End() < set[right].interval.End() && + (set[right].inSet != v.inSet || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRules)) { + // split set[right] into two intervals, while the implying rules of the first interval should get the new value (from v) + if left < right || (left == right && v.interval.Start() == set[left].interval.Start()) { + // a special case when left==right (i.e., v is included in one interval from set) was already handled + // at the left-hand side of the intersection of v with set + var newImplyingRules ImplyingRulesType + if set[right].inSet == v.inSet { + newImplyingRules = set[right].implyingRules.Copy() + newImplyingRules.Union(v.implyingRules, collectRules) + } else { + newImplyingRules = v.implyingRules.Copy() + } + new1 := AugmentedInterval{interval: interval.New(set[right].interval.Start(), v.interval.End()), + inSet: v.inSet, implyingRules: newImplyingRules} + result = append(result, new1) + } + new2 := AugmentedInterval{interval: interval.New(v.interval.End()+1, set[right].interval.End()), + inSet: set[right].inSet, implyingRules: set[right].implyingRules.Copy()} + result = append(result, new2) + } + + // copy right-end intervals not impacted by v + result = append(result, slices.Clone(set[right+1:])...) + c.intervalSet = result +} + +// String returns a string representation of the current CanonicalSet object +func (c *AugmentedCanonicalSet) String() string { + if c.IsEmpty() { + return "" + } + res := "" + canonical := c.GetEquivalentCanonicalAugmentedSet() + for _, interval := range canonical.intervalSet { + if interval.inSet { + res += interval.interval.ShortString() + "," + } + } + return res[:len(res)-1] +} + +// Union returns the union of the two sets +// Note: this function is not symmetrical regarding the update of implying rules: +// it always prefers implying rules of 'c', and adds to it those of 'other' depending if collectRules == true +func (c *AugmentedCanonicalSet) Union(other *AugmentedCanonicalSet, collectRules bool) *AugmentedCanonicalSet { + if c == other { + return c.Copy() + } + // first, we add all 'out of set' intervals from both sets + // then, we add all 'in set' intervals from both sets + // this way we get the effect of union, while preserving all relevant implying rules + res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + for _, left := range c.intervalSet { + if !left.inSet { + res.AddAugmentedInterval(left, false) + } + } + for _, right := range other.intervalSet { + if !right.inSet { + res.AddAugmentedInterval(right, false) + } + } + for _, left := range c.intervalSet { + if left.inSet { + res.AddAugmentedInterval(left, collectRules) + } + } + for _, right := range other.intervalSet { + if right.inSet { + res.AddAugmentedInterval(right, collectRules) + } + } + return res +} + +// Copy returns a new copy of the CanonicalSet object +func (c *AugmentedCanonicalSet) Copy() *AugmentedCanonicalSet { + return &AugmentedCanonicalSet{intervalSet: slices.Clone(c.intervalSet)} +} + +func (c *AugmentedCanonicalSet) Contains(n int64) bool { + otherSet := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + otherSet.AddAugmentedInterval(NewAugmentedInterval(n, n, true), false) + return otherSet.ContainedIn(c) +} + +// ContainedIn returns true of the current AugmentedCanonicalSet is contained in the other AugmentedCanonicalSet +func (c *AugmentedCanonicalSet) ContainedIn(other *AugmentedCanonicalSet) bool { + if c == other { + return true + } + currThisInd := 0 + currOtherInd := 0 + for currThisInd != NoIndex { + thisInterval, thisInd := c.nextIncludedInterval(currThisInd) + otherInterval, otherInd := other.nextIncludedInterval(currOtherInd) + if thisInd == NoIndex { + return true // end of this interval set + } + if otherInd == NoIndex { + return false // end of other interval set, but still have uncovered interval in this set + } + if thisInterval.IsSubset(otherInterval) { + // this interval is included in other; move to next intervals + currThisInd = thisInd + 1 + currOtherInd = otherInd + 1 + continue + } + if thisInterval.Overlap(otherInterval) { + // only part of this interval is contained + return false + } + if thisInterval.End() < otherInterval.Start() { + // this interval is not contained here + return false + } + // otherInterval.End() < thisInterval.Start() + // increment currOtherInd + currOtherInd = otherInd + 1 + } + return true +} + +// Intersect returns the intersection of the current set with the input set +func (c *AugmentedCanonicalSet) Intersect(other *AugmentedCanonicalSet) *AugmentedCanonicalSet { + if c == other { + return c.Copy() + } + // first, we add all 'in set' intervals from both sets + // then, we add all 'out of set' intervals from both sets + // this way we get the effect of intersection, while preserving all relevant implying rules + res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + for _, left := range c.intervalSet { + if left.inSet { + res.AddAugmentedInterval(left, true) // collect implying rules allowed by both sets + } + } + for _, right := range other.intervalSet { + if right.inSet { + res.AddAugmentedInterval(right, true) // collect implying rules allowed by both sets + } + } + for _, left := range c.intervalSet { + if !left.inSet { + res.AddAugmentedInterval(left, false) + } + } + for _, right := range other.intervalSet { + if !right.inSet { + res.AddAugmentedInterval(right, false) + } + } + return res +} + +// Overlap returns true if current AugmentedCanonicalSet overlaps with input AugmentedCanonicalSet +func (c *AugmentedCanonicalSet) Overlap(other *AugmentedCanonicalSet) bool { + if c == other { + return !c.IsEmpty() + } + currThisInd := 0 + currOtherInd := 0 + for currThisInd != NoIndex { + thisInterval, thisInd := c.nextIncludedInterval(currThisInd) + otherInterval, otherInd := other.nextIncludedInterval(currOtherInd) + if thisInd == NoIndex || otherInd == NoIndex { + return false // did not find overlapping interval + } + if thisInterval.Overlap(otherInterval) { + return true + } + if thisInterval.End() < otherInterval.Start() { + // increment currThisInd + currThisInd = thisInd + 1 + } else { // otherInterval.End() < thisInterval.Start() + // increment currOtherInd + currOtherInd = otherInd + 1 + } + } + return false +} + +// Subtract returns the subtraction result of other AugmentedCanonicalSet +func (c *AugmentedCanonicalSet) Subtract(other *AugmentedCanonicalSet) *AugmentedCanonicalSet { + if c == other { + return NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + } + res := c.Copy() + for _, interval := range other.intervalSet { + if interval.inSet { + hole := interval + hole.inSet = false + res.AddAugmentedInterval(hole, false) + } + } + return res +} + +func (c *AugmentedCanonicalSet) ClearInSet() { + for i := range c.intervalSet { + c.intervalSet[i].inSet = false + } +} + +// Elements returns a slice with all the numbers contained in the set. +// USE WITH CARE. It can easily run out of memory for large sets. +func (c *AugmentedCanonicalSet) Elements() []int64 { + // allocate memory up front, to fail early + res := make([]int64, c.CalculateSize()) + i := 0 + for _, interval := range c.intervalSet { + if interval.inSet { + for v := interval.interval.Start(); v <= interval.interval.End(); v++ { + res[i] = v + i++ + } + } + } + return res +} + +func (c *AugmentedCanonicalSet) GetEquivalentCanonicalAugmentedSet() *AugmentedCanonicalSet { + res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) + interv, index := c.nextIncludedInterval(0) + for index != NoIndex { + res.AddAugmentedInterval(NewAugmentedInterval(interv.Start(), interv.End(), true), false) + interv, index = c.nextIncludedInterval(index + 1) + } + return res +} + +func (c *AugmentedCanonicalSet) SetExplResult(isIngress bool) { + for ind, v := range c.intervalSet { + c.intervalSet[ind].implyingRules.SetResult(v.inSet, isIngress) + } +} diff --git a/pkg/netpol/internal/common/connection.go b/pkg/netpol/internal/common/connection.go index 665a39c2..2e5cac54 100644 --- a/pkg/netpol/internal/common/connection.go +++ b/pkg/netpol/internal/common/connection.go @@ -13,7 +13,7 @@ import ( // Connection represents a set of allowed connections between two peers type Connection interface { // ProtocolsAndPortsMap returns the set of allowed connections - ProtocolsAndPortsMap() map[v1.Protocol][]PortRange + ProtocolsAndPortsMap(includeBlockedPorts bool) map[v1.Protocol][]PortRange // IsAllConnections returns true if all ports are allowed for all protocols IsAllConnections() bool // IsEmpty returns true if no connection is allowed diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 63763e44..9146cdfb 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -8,22 +8,27 @@ package common import ( "fmt" + "log" "sort" "strconv" "strings" - "k8s.io/apimachinery/pkg/util/intstr" - v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" "github.com/np-guard/models/pkg/interval" ) // ConnectionSet represents a set of allowed connections between two peers on a k8s env // and implements Connection interface +// The explainability information is represented as follows: every PortSet (in AllowedProtocols) +// includes information about implying rules for every range. +// CommonImplyingRules contain implying rules for empty or full ConectionSet (when AllowedProtocols is empty) +// The following variant should hold: CommonImplyingRules not empty <==> AllowedProtocols empty type ConnectionSet struct { - AllowAll bool - AllowedProtocols map[v1.Protocol]*PortSet // map from protocol name to set of allowed ports + AllowAll bool + AllowedProtocols map[v1.Protocol]*PortSet // map from protocol name to set of allowed ports + CommonImplyingRules ImplyingRulesType // used for explainability, when AllowedProtocols is empty (i.e., all allowed or all denied) } var allProtocols = []v1.Protocol{v1.ProtocolTCP, v1.ProtocolUDP, v1.ProtocolSCTP} @@ -31,9 +36,34 @@ var allProtocols = []v1.Protocol{v1.ProtocolTCP, v1.ProtocolUDP, v1.ProtocolSCTP // MakeConnectionSet returns a pointer to ConnectionSet object with all connections or no connections func MakeConnectionSet(all bool) *ConnectionSet { if all { - return &ConnectionSet{AllowAll: true, AllowedProtocols: map[v1.Protocol]*PortSet{}} + return &ConnectionSet{AllowAll: true, AllowedProtocols: map[v1.Protocol]*PortSet{}, CommonImplyingRules: InitImplyingRules()} + } + return &ConnectionSet{AllowedProtocols: map[v1.Protocol]*PortSet{}, CommonImplyingRules: InitImplyingRules()} +} + +func MakeAllConnectionSetWithRule(rule string, isIngress bool) *ConnectionSet { + return &ConnectionSet{AllowAll: true, AllowedProtocols: map[v1.Protocol]*PortSet{}, + CommonImplyingRules: MakeImplyingRulesWithRule(rule, isIngress)} +} + +// Add common implying rule, i.e., a rule that is relevant for the whole ConnectionSet +func (conn *ConnectionSet) AddCommonImplyingRule(implyingRule string, isIngress bool) { + conn.CommonImplyingRules.AddRule(implyingRule, isIngress) +} + +func (conn *ConnectionSet) GetEquivalentCanonicalConnectionSet() *ConnectionSet { + res := MakeConnectionSet(false) + if conn.AllowAll { + res.AllowAll = true + return res } - return &ConnectionSet{AllowedProtocols: map[v1.Protocol]*PortSet{}} + for protocol, ports := range conn.AllowedProtocols { + canonicalPorts := ports.GetEquivalentCanonicalPortSet() + if !canonicalPorts.IsEmpty() { + res.AllowedProtocols[protocol] = canonicalPorts + } + } + return res } // GetAllTCPConnections returns a pointer to ConnectionSet object with all TCP protocol connections @@ -44,116 +74,152 @@ func GetAllTCPConnections() *ConnectionSet { } // Intersection updates ConnectionSet object to be the intersection result with other ConnectionSet +// the implying rules are symmetrically updated by both conn and other, +// i.e., conn does not have a precedence over other func (conn *ConnectionSet) Intersection(other *ConnectionSet) { - if other.AllowAll { - return - } - if conn.AllowAll { - conn.AllowAll = false - for protocol, ports := range other.AllowedProtocols { - conn.AllowedProtocols[protocol] = ports.Copy() + if len(conn.AllowedProtocols) == 0 && len(other.AllowedProtocols) == 0 { + // each one of conn and other is either AllowAll or Empty + if other.IsEmpty() { + conn.AllowAll = false + conn.AllowedProtocols = map[v1.Protocol]*PortSet{} } + // union common implying rules - a symmetrical update + conn.CommonImplyingRules.Union(other.CommonImplyingRules, true) return } + // prepare conn and other for the intersection - we need to seep implying rules info into all protocols/ports + conn.rebuildExplicitly() + other.rebuildExplicitly() + conn.AllowAll = false for protocol := range conn.AllowedProtocols { otherPorts, ok := other.AllowedProtocols[protocol] if !ok { - delete(conn.AllowedProtocols, protocol) + log.Panic("We should not get here") } else { conn.AllowedProtocols[protocol].Intersection(otherPorts) - if conn.AllowedProtocols[protocol].IsEmpty() { - delete(conn.AllowedProtocols, protocol) - } } } + conn.updateIfAllConnections() // the result may be AllowAll if both conn and other were AllowAll } // IsEmpty returns true if the ConnectionSet has no allowed connections func (conn *ConnectionSet) IsEmpty() bool { - return !conn.AllowAll && len(conn.AllowedProtocols) == 0 + if conn.AllowAll { + return false + } + if len(conn.AllowedProtocols) == 0 { + return true + } + // now check semantically + for _, protocol := range allProtocols { + ports, ok := conn.AllowedProtocols[protocol] + if ok && !ports.IsEmpty() { // this is a semantic emptiness check (no included ports, may be holes) + return false + } + } + return true } -func (conn *ConnectionSet) isAllConnectionsWithoutAllowAll() bool { +func (conn *ConnectionSet) updateIfAllConnections() { if conn.AllowAll { - return false + return } for _, protocol := range allProtocols { ports, ok := conn.AllowedProtocols[protocol] if !ok { - return false + return } else if !ports.IsAll() { - return false + return } } + conn.AllowAll = true + // we keep conn.AllowedProtocols data, we might need the ImplyingRules info for explainability +} - return true +func (conn *ConnectionSet) SetExplResult(isIngress bool) { + if len(conn.AllowedProtocols) == 0 { + // no AllowedProtocols --> compute result according to AllowAll + conn.CommonImplyingRules.SetResult(conn.AllowAll, isIngress) + return + } + // compute result for every range in AllowedProtocols + for _, ports := range conn.AllowedProtocols { + ports.Ports.SetExplResult(isIngress) + } } -func (conn *ConnectionSet) checkIfAllConnections() { - if conn.isAllConnectionsWithoutAllowAll() { - conn.AllowAll = true - conn.AllowedProtocols = map[v1.Protocol]*PortSet{} +// rebuildExplicitly : represent All/No connections explicitly (All connections if AllowAll==true, No connections otherwise), +// by building AllowedProtocols and adding the whole range intervals/holes (depending on AllowAll field) +func (conn *ConnectionSet) rebuildExplicitly() { + if len(conn.AllowedProtocols) == len(allProtocols) { + return // if all protocols exist, nothing to add + } + var portSet *PortSet + if conn.AllowAll { + portSet = MakeAllPortSetWithImplyingRules(conn.CommonImplyingRules) + } else { + portSet = MakeEmptyPortSetWithImplyingRules(conn.CommonImplyingRules) + } + for _, protocol := range allProtocols { + if _, ok := conn.AllowedProtocols[protocol]; !ok { + conn.AddConnection(protocol, portSet) + } } + conn.CommonImplyingRules = InitImplyingRules() } // Union updates ConnectionSet object to be the union result with other ConnectionSet -func (conn *ConnectionSet) Union(other *ConnectionSet) { - if conn.AllowAll || other.IsEmpty() { +// the implying rules are updated only if something changes in conn, +// i.e., conn has a precedence over other +func (conn *ConnectionSet) Union(other *ConnectionSet, collectRules bool) { + if conn.IsEmpty() && (other.IsEmpty() || other.AllowAll) && len(conn.AllowedProtocols) == 0 && len(other.AllowedProtocols) == 0 { + if other.IsEmpty() { + // we should union implying rules - both contribute to the result being empty + conn.CommonImplyingRules.Union(other.CommonImplyingRules, collectRules) + } else { + // we should substitute the implying rules by others' rules + conn.CommonImplyingRules = other.CommonImplyingRules.Copy() + } + conn.AllowAll = other.AllowAll return } - if other.AllowAll { - conn.AllowAll = true - conn.AllowedProtocols = map[v1.Protocol]*PortSet{} - return + if other.IsEmpty() { + return // neither connections nor implying rules can be updated } + conn.rebuildExplicitly() + other.rebuildExplicitly() for protocol := range conn.AllowedProtocols { if otherPorts, ok := other.AllowedProtocols[protocol]; ok { - conn.AllowedProtocols[protocol].Union(otherPorts) - } - } - for protocol := range other.AllowedProtocols { - if _, ok := conn.AllowedProtocols[protocol]; !ok { - portsCopy := other.AllowedProtocols[protocol].Copy() - conn.AllowedProtocols[protocol] = portsCopy + conn.AllowedProtocols[protocol].Union(otherPorts, collectRules) } } - conn.checkIfAllConnections() + conn.CommonImplyingRules = InitImplyingRules() // clear common implying rules, since we have implying rules in AllowedProtocols + conn.updateIfAllConnections() } // Subtract : updates current ConnectionSet object with the result of // subtracting other ConnectionSet from current ConnectionSet +// the implying rules are updated by both conn and other func (conn *ConnectionSet) Subtract(other *ConnectionSet) { - if other.IsEmpty() { // nothing to subtract + if /*conn.IsEmpty() ||*/ other.IsEmpty() { // nothing to subtract return } - if other.AllowAll { // subtract everything + if other.AllowAll && len(other.AllowedProtocols) == 0 { + // a special case when we should replace current common implying rules by others' + conn.CommonImplyingRules = other.CommonImplyingRules.Copy() conn.AllowAll = false conn.AllowedProtocols = map[v1.Protocol]*PortSet{} return } - if conn.AllowAll { - conn.AllowAll = false // we are about to subtract something - conn.addAllConns() - } + conn.rebuildExplicitly() + conn.AllowAll = false for protocol, ports := range conn.AllowedProtocols { if otherPorts, ok := other.AllowedProtocols[protocol]; ok { - if ports.ContainedIn(otherPorts) { - delete(conn.AllowedProtocols, protocol) - } else { - ports.subtract(otherPorts) - } + ports.subtract(otherPorts) } } } -// addAllConns : add all possible connections to the current ConnectionSet's allowed protocols -// added explicitly, without using the `AllowAll` field -func (conn *ConnectionSet) addAllConns() { - for _, protocol := range allProtocols { - conn.AddConnection(protocol, MakePortSet(true)) - } -} - // Contains returns true if the input port+protocol is an allowed connection func (conn *ConnectionSet) Contains(port, protocol string) bool { intPort, err := strconv.Atoi(port) @@ -180,6 +246,9 @@ func (conn *ConnectionSet) ContainedIn(other *ConnectionSet) bool { return false } for protocol, ports := range conn.AllowedProtocols { + if ports.IsEmpty() { + continue // empty port set might exist due to preserving data for explainability + } otherPorts, ok := other.AllowedProtocols[protocol] if !ok { return false @@ -193,12 +262,15 @@ func (conn *ConnectionSet) ContainedIn(other *ConnectionSet) bool { // AddConnection updates current ConnectionSet object with new allowed connection func (conn *ConnectionSet) AddConnection(protocol v1.Protocol, ports *PortSet) { - if ports.IsEmpty() { + if ports.IsUnfilled() { + // The return below is only when 'ports' is syntactically empty; + // In the case of a hole (semantically empty set), we do want to add it + // in order to keep the explanation data return } connPorts, ok := conn.AllowedProtocols[protocol] if ok { - connPorts.Union(ports) + connPorts.Union(ports, true) } else { conn.AllowedProtocols[protocol] = ports.Copy() } @@ -213,7 +285,9 @@ func (conn *ConnectionSet) String() string { } resStrings := []string{} for protocol, ports := range conn.AllowedProtocols { - resStrings = append(resStrings, protocolAndPortsStr(protocol, ports.String())) + if portsString := ports.String(); portsString != "" { + resStrings = append(resStrings, protocolAndPortsStr(protocol, portsString)) + } } sort.Strings(resStrings) return strings.Join(resStrings, ",") @@ -224,11 +298,13 @@ func (conn *ConnectionSet) Equal(other *ConnectionSet) bool { if conn.AllowAll != other.AllowAll { return false } - if len(conn.AllowedProtocols) != len(other.AllowedProtocols) { + connCanonical := conn.GetEquivalentCanonicalConnectionSet() + otherCanonical := other.GetEquivalentCanonicalConnectionSet() + if len(connCanonical.AllowedProtocols) != len(otherCanonical.AllowedProtocols) { return false } - for protocol, ports := range conn.AllowedProtocols { - otherPorts, ok := other.AllowedProtocols[protocol] + for protocol, ports := range connCanonical.AllowedProtocols { + otherPorts, ok := otherCanonical.AllowedProtocols[protocol] if !ok { return false } @@ -246,14 +322,15 @@ func (conn *ConnectionSet) Copy() *ConnectionSet { for protocol, portSet := range conn.AllowedProtocols { res.AllowedProtocols[protocol] = portSet.Copy() } + res.CommonImplyingRules = conn.CommonImplyingRules.Copy() return res } -// GetNamedPorts returns map from protocol to list of its allowed named ports -func (conn *ConnectionSet) GetNamedPorts() map[v1.Protocol][]string { - res := make(map[v1.Protocol][]string, 0) +// GetNamedPorts returns map from protocol to its allowed named ports (including ImplyingRules info) +func (conn *ConnectionSet) GetNamedPorts() map[v1.Protocol]NamedPortsType { + res := make(map[v1.Protocol]NamedPortsType, 0) for protocol, portSet := range conn.AllowedProtocols { - if namedPorts := portSet.GetNamedPortsKeys(); len(namedPorts) > 0 { + if namedPorts := portSet.GetNamedPorts(); len(namedPorts) > 0 { res[protocol] = namedPorts } } @@ -262,43 +339,58 @@ func (conn *ConnectionSet) GetNamedPorts() map[v1.Protocol][]string { // ReplaceNamedPortWithMatchingPortNum : replacing given namedPort with the matching given port num in the connection // if port num is -1; just deletes the named port from the protocol's list -func (conn *ConnectionSet) ReplaceNamedPortWithMatchingPortNum(protocol v1.Protocol, namedPort string, portNum int32) { +func (conn *ConnectionSet) ReplaceNamedPortWithMatchingPortNum(protocol v1.Protocol, namedPort string, portNum int32, + implyingRules ImplyingRulesType) { protocolPortSet := conn.AllowedProtocols[protocol] if portNum != NoPort { - protocolPortSet.AddPort(intstr.FromInt32(portNum)) + protocolPortSet.AddPort(intstr.FromInt32(portNum), implyingRules) } // after adding the portNum to the protocol's portSet; remove the port name protocolPortSet.RemovePort(intstr.FromString(namedPort)) } -// portRange implements the PortRange interface -type portRange struct { - Interval interval.Interval +// PortRangeData implements the PortRange interface +type PortRangeData struct { + Interval AugmentedInterval } -func (p *portRange) Start() int64 { - return p.Interval.Start() +func (p *PortRangeData) Start() int64 { + return p.Interval.interval.Start() } -func (p *portRange) End() int64 { - return p.Interval.End() +func (p *PortRangeData) End() int64 { + return p.Interval.interval.End() } -func (p *portRange) String() string { - if p.Interval.End() != p.Interval.Start() { +func (p *PortRangeData) String() string { + if p.End() != p.Start() { return fmt.Sprintf("%d-%d", p.Start(), p.End()) } return fmt.Sprintf("%d", p.Start()) } +func (p *PortRangeData) StringWithExplanation(protocolString string) string { + resultStr := allowResultStr + if !p.InSet() { + resultStr = denyResultStr + } + return resultStr + SpaceSeparator + protocolString + ":" + p.String() + p.Interval.implyingRules.String() +} + +func (p *PortRangeData) InSet() bool { + return p.Interval.inSet +} + // ProtocolsAndPortsMap() returns a map from allowed protocol to list of allowed ports ranges. -func (conn *ConnectionSet) ProtocolsAndPortsMap() map[v1.Protocol][]PortRange { +func (conn *ConnectionSet) ProtocolsAndPortsMap(includeDeniedPorts bool) map[v1.Protocol][]PortRange { res := make(map[v1.Protocol][]PortRange, 0) for protocol, portSet := range conn.AllowedProtocols { res[protocol] = make([]PortRange, 0) // TODO: consider leave the slice of ports empty if portSet covers the full range for _, v := range portSet.Ports.Intervals() { - res[protocol] = append(res[protocol], &portRange{Interval: v}) + if includeDeniedPorts || v.inSet { + res[protocol] = append(res[protocol], &PortRangeData{Interval: v}) + } } } return res @@ -324,11 +416,12 @@ func ConnStrFromConnProperties(allProtocolsAndPorts bool, protocolsAndPorts map[ } var connStr string // connStrings will contain the string of given conns protocols and ports as is - connStrings := make([]string, len(protocolsAndPorts)) - index := 0 + connStrings := make([]string, 0, len(protocolsAndPorts)) for protocol, ports := range protocolsAndPorts { - connStrings[index] = protocolAndPortsStr(protocol, portsString(ports)) - index++ + if thePortsStr := portsString(ports); thePortsStr != "" { + // thePortsStr might be empty if 'ports' does not contain 'InSet' ports + connStrings = append(connStrings, protocolAndPortsStr(protocol, thePortsStr)) + } } sort.Strings(connStrings) connStr = strings.Join(connStrings, connsAndPortRangeSeparator) @@ -336,14 +429,60 @@ func ConnStrFromConnProperties(allProtocolsAndPorts bool, protocolsAndPorts map[ } // get string representation for a list of port ranges +// return a canonical form (longest in-set ranges) func portsString(ports []PortRange) string { - portsStr := make([]string, len(ports)) + portsStr := make([]string, 0, len(ports)) + currInterval := interval.New(0, -1) // an empty interval for i := range ports { - portsStr[i] = ports[i].String() + if ports[i].(*PortRangeData).InSet() { + switch { + case currInterval.IsEmpty(): + currInterval = interval.New(ports[i].Start(), ports[i].End()) + case currInterval.End()+1 == ports[i].Start(): + currInterval = interval.New(currInterval.Start(), ports[i].End()) // extend the interval + default: + portsStr = append(portsStr, currInterval.ShortString()) + currInterval = interval.New(0, -1) + } + } else if !currInterval.IsEmpty() { + portsStr = append(portsStr, currInterval.ShortString()) + currInterval = interval.New(0, -1) + } + } + if !currInterval.IsEmpty() { + portsStr = append(portsStr, currInterval.ShortString()) } return strings.Join(portsStr, connsAndPortRangeSeparator) } +func portsStringWithExplanation(ports []PortRange, protocolString string) string { + portsStr := make([]string, 0, len(ports)) + for i := range ports { + portsStr = append(portsStr, ports[i].(*PortRangeData).StringWithExplanation(protocolString)) + } + return strings.Join(portsStr, NewLine) +} + func protocolAndPortsStr(protocol v1.Protocol, ports string) string { - return string(protocol) + " " + ports + return string(protocol) + SpaceSeparator + ports +} + +func ExplanationFromConnProperties(allProtocolsAndPorts bool, commonImplyingRules ImplyingRulesType, + protocolsAndPorts map[v1.Protocol][]PortRange) string { + if len(protocolsAndPorts) == 0 { + connStr := noConnsStr + if allProtocolsAndPorts { + connStr = allConnsStr + } + return connStr + commonImplyingRules.String() + } + var connStr string + // connStrings will contain the string of given conns protocols and ports as is + connStrings := make([]string, 0, len(protocolsAndPorts)) + for protocol, ports := range protocolsAndPorts { + connStrings = append(connStrings, portsStringWithExplanation(ports, string(protocol))) + } + sort.Strings(connStrings) + connStr = strings.Join(connStrings, NewLine) + return connStr } diff --git a/pkg/netpol/internal/common/portset.go b/pkg/netpol/internal/common/portset.go index fd0b7417..768d7a43 100644 --- a/pkg/netpol/internal/common/portset.go +++ b/pkg/netpol/internal/common/portset.go @@ -12,8 +12,6 @@ import ( "strings" "k8s.io/apimachinery/pkg/util/intstr" - - "github.com/np-guard/models/pkg/interval" ) const ( @@ -22,95 +20,134 @@ const ( maxPort int64 = 65535 ) +type NamedPortsType map[string]ImplyingRulesType + +func portNames(ports NamedPortsType) []string { + res := []string{} + for p := range ports { + res = append(res, p) + } + return res +} + // PortSet: represents set of allowed ports in a connection type PortSet struct { - Ports *interval.CanonicalSet - NamedPorts map[string]bool - ExcludedNamedPorts map[string]bool + Ports *AugmentedCanonicalSet // ports, augmented with implying rules data (used for explainability) + // NamedPorts/ExcludedNamedPorts is a map from a port name to implying rule names (used for explainnability) + // When not running with explainability, existing (excluded)named ports will be represented by a mapping + // from a port name to an empty implying rules holder + NamedPorts NamedPortsType + ExcludedNamedPorts NamedPortsType } // MakePortSet: return a new PortSet object, with all ports or no ports allowed func MakePortSet(all bool) *PortSet { - if all { - return &PortSet{Ports: interval.New(minPort, maxPort).ToSet(), - NamedPorts: map[string]bool{}, - ExcludedNamedPorts: map[string]bool{}, - } + return &PortSet{Ports: NewAugmentedCanonicalSet(minPort, maxPort, all), + NamedPorts: NamedPortsType{}, + ExcludedNamedPorts: NamedPortsType{}, + } +} + +func MakeAllPortSetWithImplyingRules(rules ImplyingRulesType) *PortSet { + return &PortSet{Ports: NewAugmentedCanonicalSetWithRules(minPort, maxPort, true, rules), + NamedPorts: NamedPortsType{}, + ExcludedNamedPorts: NamedPortsType{}, } - return &PortSet{Ports: interval.NewCanonicalSet(), - NamedPorts: map[string]bool{}, - ExcludedNamedPorts: map[string]bool{}, +} + +func MakeEmptyPortSetWithImplyingRules(rules ImplyingRulesType) *PortSet { + return &PortSet{Ports: NewAugmentedCanonicalSetWithRules(minPort, maxPort, false, rules), + NamedPorts: NamedPortsType{}, + ExcludedNamedPorts: NamedPortsType{}, } } // Equal: return true if current object equals another PortSet object func (p *PortSet) Equal(other *PortSet) bool { - return p.Ports.Equal(other.Ports) && reflect.DeepEqual(p.NamedPorts, other.NamedPorts) && - reflect.DeepEqual(p.ExcludedNamedPorts, other.ExcludedNamedPorts) + return p.Ports.Equal(other.Ports) && reflect.DeepEqual(portNames(p.NamedPorts), portNames(other.NamedPorts)) && + reflect.DeepEqual(portNames(p.ExcludedNamedPorts), portNames(other.ExcludedNamedPorts)) } -// IsEmpty: return true if current object is empty (no ports allowed) +// IsEmpty: return true if current PortSet is semantically empty (no ports allowed) func (p *PortSet) IsEmpty() bool { return p.Ports.IsEmpty() && len(p.NamedPorts) == 0 } +// Unfilled: return true if current PortSet is syntactically empty +func (p *PortSet) IsUnfilled() bool { + return p.Ports.IsUnfilled() && len(p.NamedPorts) == 0 +} + // Copy: return a new copy of a PortSet object func (p *PortSet) Copy() *PortSet { res := MakePortSet(false) res.Ports = p.Ports.Copy() for k, v := range p.NamedPorts { - res.NamedPorts[k] = v + res.NamedPorts[k] = v.Copy() } for k, v := range p.ExcludedNamedPorts { - res.ExcludedNamedPorts[k] = v + res.ExcludedNamedPorts[k] = v.Copy() } return res } // AddPort: update current PortSet object with new added port as allowed -func (p *PortSet) AddPort(port intstr.IntOrString) { +func (p *PortSet) AddPort(port intstr.IntOrString, implyingRules ImplyingRulesType) { if port.Type == intstr.String { - p.NamedPorts[port.StrVal] = true + if _, ok := p.NamedPorts[port.StrVal]; !ok { + p.NamedPorts[port.StrVal] = InitImplyingRules() + } + theRules := p.NamedPorts[port.StrVal] + theRules.Union(implyingRules, true) + p.NamedPorts[port.StrVal] = theRules delete(p.ExcludedNamedPorts, port.StrVal) } else { - p.Ports.AddInterval(interval.New(int64(port.IntVal), int64(port.IntVal))) + p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRules(int64(port.IntVal), int64(port.IntVal), true, implyingRules), true) } } // RemovePort: update current PortSet object with removing input port from allowed ports func (p *PortSet) RemovePort(port intstr.IntOrString) { if port.Type == intstr.String { + p.ExcludedNamedPorts[port.StrVal] = p.NamedPorts[port.StrVal] delete(p.NamedPorts, port.StrVal) - p.ExcludedNamedPorts[port.StrVal] = true } else { - p.Ports.AddHole(interval.New(int64(port.IntVal), int64(port.IntVal))) + p.Ports.AddAugmentedInterval(NewAugmentedInterval(int64(port.IntVal), int64(port.IntVal), false), false) } } // AddPortRange: update current PortSet object with new added port range as allowed -func (p *PortSet) AddPortRange(minPort, maxPort int64) { - p.Ports.AddInterval(interval.New(minPort, maxPort)) +func (p *PortSet) AddPortRange(minPort, maxPort int64, inSet bool, fromRule string, isIngress bool) { + p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRule(minPort, maxPort, inSet, fromRule, isIngress), true) } // Union: update current PortSet object with union of input PortSet object -func (p *PortSet) Union(other *PortSet) { - p.Ports = p.Ports.Union(other.Ports) +// Note: this function is not symmetrical regarding the update of implying rules: +// it updates implying rules of 'p' by those of 'other' only for ports that get changed in 'p' +func (p *PortSet) Union(other *PortSet, collectRules bool) { + p.Ports = p.Ports.Union(other.Ports, collectRules) // union current namedPorts with other namedPorts, and delete other namedPorts from current excludedNamedPorts for k, v := range other.NamedPorts { - p.NamedPorts[k] = v + if _, ok := p.NamedPorts[k]; !ok { + // this named port was not in p --> take implying rules from other + p.NamedPorts[k] = v.Copy() + } delete(p.ExcludedNamedPorts, k) } // add excludedNamedPorts from other to current excludedNamedPorts if they are not in united p.NamedPorts for k, v := range other.ExcludedNamedPorts { - if !p.NamedPorts[k] { - p.ExcludedNamedPorts[k] = v + if _, ok := p.NamedPorts[k]; !ok { + if _, ok := p.ExcludedNamedPorts[k]; !ok { + // this exluded named port was not excluded in p --> take implying rules from other + p.ExcludedNamedPorts[k] = v.Copy() + } } } } // ContainedIn: return true if current PortSet object is contained in input PortSet object func (p *PortSet) ContainedIn(other *PortSet) bool { - return p.Ports.IsSubset(other.Ports) + return p.Ports.ContainedIn(other.Ports) } // Intersection: update current PortSet object as intersection with input PortSet object @@ -124,7 +161,6 @@ func (p *PortSet) IsAll() bool { } const comma = "," -const emptyStr = "Empty" // String: return string representation of current PortSet func (p *PortSet) String() string { @@ -132,10 +168,7 @@ func (p *PortSet) String() string { if len(p.NamedPorts) > 0 { sortedNamedPorts := p.GetNamedPortsKeys() sort.Strings(sortedNamedPorts) - // if p.Ports is empty but p.NamedPorts is not: start a new string - if res == emptyStr { - res = "" - } else { + if res != "" { res += comma } res += strings.Join(sortedNamedPorts, comma) @@ -148,7 +181,12 @@ func (p *PortSet) Contains(port int64) bool { return p.Ports.Contains(port) } -// GetNamedPortsKeys returns the named ports of current portSet +// GetNamedPorts returns the named ports of the current PortSet +func (p *PortSet) GetNamedPorts() NamedPortsType { + return p.NamedPorts +} + +// GetNamedPortsKeys returns the named ports names of the current PortSet func (p *PortSet) GetNamedPortsKeys() []string { res := make([]string, len(p.NamedPorts)) index := 0 @@ -162,14 +200,21 @@ func (p *PortSet) GetNamedPortsKeys() []string { // subtract: updates current portSet with the result of subtracting the given portSet from it func (p *PortSet) subtract(other *PortSet) { p.Ports = p.Ports.Subtract(other.Ports) - p.subtractNamedPorts(other.NamedPorts) + // delete other named ports from current portSet's named ports map + // and add the deleted named ports to excluded named ports map + for k, v := range other.NamedPorts { + if _, ok := p.ExcludedNamedPorts[k]; !ok { + p.ExcludedNamedPorts[k] = InitImplyingRules() + } + theRules := p.ExcludedNamedPorts[k] + theRules.Union(v.Copy(), true) + p.ExcludedNamedPorts[k] = theRules + delete(p.NamedPorts, k) + } } -// subtractNamedPorts: deletes given named ports from current portSet's named ports map -// and adds the deleted named ports to excluded named ports map -func (p *PortSet) subtractNamedPorts(otherNamedPorts map[string]bool) { - for namedPort := range otherNamedPorts { - delete(p.NamedPorts, namedPort) - p.ExcludedNamedPorts[namedPort] = true - } +func (p *PortSet) GetEquivalentCanonicalPortSet() *PortSet { + res := p.Copy() + res.Ports = p.Ports.GetEquivalentCanonicalAugmentedSet() + return res } diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt new file mode 100644 index 00000000..fda432e6 --- /dev/null +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -0,0 +1,126 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/my-foo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN bar/my-bar[Pod] => foo/my-foo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN baz/my-baz[Pod] => foo/my-foo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => bar/my-bar[Pod]: + +ALLOWED SCTP:1-65535 the system default (Allow all) + +ALLOWED UDP:1-65535 the system default (Allow all) + +DENIED TCP:1-1233 due to the following policies//rules: + INGRESS DIRECTION (DENIED) + 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + +ALLOWED TCP:1234 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) + +DENIED TCP:1235-8079 due to the following policies//rules: + INGRESS DIRECTION (DENIED) + 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + +DENIED TCP:8080 due to the following policies//rules: + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) + 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + +DENIED TCP:8081-9000 due to the following policies//rules: + INGRESS DIRECTION (DENIED) + 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + +ALLOWED TCP:9001-65535 the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => baz/my-baz[Pod]: + +ALLOWED SCTP:1-65535 the system default (Allow all) + +ALLOWED TCP:1-1233 the system default (Allow all) + +ALLOWED TCP:1234 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) + +ALLOWED TCP:1235-65535 the system default (Allow all) + +ALLOWED UDP:1-65535 the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => foo/my-foo[Pod]: + +ALLOWED SCTP:1-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring//Ingress rule #1 + +ALLOWED TCP:1-1233 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring//Ingress rule #1 + +ALLOWED TCP:1234 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) + +ALLOWED TCP:1235-8079 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring//Ingress rule #1 + +ALLOWED TCP:8080 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) + 2) [NP] foo/allow-monitoring//Ingress rule #1 + +ALLOWED TCP:8081-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring//Ingress rule #1 + +ALLOWED UDP:1-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default (Allow all): +0.0.0.0-255.255.255.255 => bar/my-bar[Pod] +0.0.0.0-255.255.255.255 => baz/my-baz[Pod] +0.0.0.0-255.255.255.255 => monitoring/my-monitoring[Pod] +bar/my-bar[Pod] => 0.0.0.0-255.255.255.255 +bar/my-bar[Pod] => baz/my-baz[Pod] +bar/my-bar[Pod] => monitoring/my-monitoring[Pod] +baz/my-baz[Pod] => 0.0.0.0-255.255.255.255 +baz/my-baz[Pod] => bar/my-bar[Pod] +baz/my-baz[Pod] => monitoring/my-monitoring[Pod] +foo/my-foo[Pod] => 0.0.0.0-255.255.255.255 +foo/my-foo[Pod] => bar/my-bar[Pod] +foo/my-foo[Pod] => baz/my-baz[Pod] +foo/my-foo[Pod] => monitoring/my-monitoring[Pod] +monitoring/my-monitoring[Pod] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_banp_blog_demo_focus_workload_my-monitoring_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_focus_workload_my-monitoring_explain_output.txt new file mode 100644 index 00000000..d661b490 --- /dev/null +++ b/test_outputs/connlist/anp_banp_blog_demo_focus_workload_my-monitoring_explain_output.txt @@ -0,0 +1,33 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => bar/my-bar[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) + 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => baz/my-baz[Pod]: + +All Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => foo/my-foo[Pod]: + +All Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) + 2) [NP] foo/allow-monitoring//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default (Allow all): +0.0.0.0-255.255.255.255 => monitoring/my-monitoring[Pod] +bar/my-bar[Pod] => monitoring/my-monitoring[Pod] +baz/my-baz[Pod] => monitoring/my-monitoring[Pod] +foo/my-foo[Pod] => monitoring/my-monitoring[Pod] +monitoring/my-monitoring[Pod] => 0.0.0.0-255.255.255.255 diff --git a/tests/anp_banp_blog_demo_2/ns.yaml b/tests/anp_banp_blog_demo_2/ns.yaml new file mode 100644 index 00000000..c9b2481e --- /dev/null +++ b/tests/anp_banp_blog_demo_2/ns.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: foo + labels: + security: internal + kubernetes.io/metadata.name: foo +--- + +apiVersion: v1 +kind: Namespace +metadata: + name: bar + labels: + security: internal + kubernetes.io/metadata.name: bar + +--- + +apiVersion: v1 +kind: Namespace +metadata: + name: baz + labels: + kubernetes.io/metadata.name: baz + +--- + + +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring + labels: + kubernetes.io/metadata.name: monitoring \ No newline at end of file diff --git a/tests/anp_banp_blog_demo_2/policies.yaml b/tests/anp_banp_blog_demo_2/policies.yaml new file mode 100644 index 00000000..08f61ca7 --- /dev/null +++ b/tests/anp_banp_blog_demo_2/policies.yaml @@ -0,0 +1,87 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-monitoring + namespace: foo +spec: + podSelector: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring + +--- + +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: BaselineAdminNetworkPolicy +metadata: + name: default +spec: + subject: + namespaces: + matchLabels: + security: internal + ingress: + - name: "deny-ingress-from-all-namespaces" + action: "Deny" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portRange: + protocol: TCP + start: 1 + end: 9000 + +--- + +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: AdminNetworkPolicy +metadata: + name: allow-monitoring +spec: + priority: 9 + subject: + namespaces: {} + ingress: + - name: "allow-ingress-from-monitoring" + action: "Allow" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portNumber: + protocol: TCP + port: 1234 + + + +--- + +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: AdminNetworkPolicy +metadata: + name: pass-monitoring +spec: + priority: 7 + subject: + namespaces: + matchLabels: + security: internal + ingress: + - name: "pass-ingress-from-monitoring" + action: "Pass" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portNumber: + protocol: TCP + port: 8080 + diff --git a/tests/anp_banp_blog_demo_2/workloads.yaml b/tests/anp_banp_blog_demo_2/workloads.yaml new file mode 100644 index 00000000..00b070ff --- /dev/null +++ b/tests/anp_banp_blog_demo_2/workloads.yaml @@ -0,0 +1,57 @@ +apiVersion: v1 +kind: Pod +metadata: + namespace: foo + name: my-foo + labels: + security: internal +spec: + containers: + - name: myfirstContainer + image: fooimage + +--- + +apiVersion: v1 +kind: Pod +metadata: + namespace: bar + name: my-bar + labels: + security: internal +spec: + containers: + - name: myfirstContainer + image: barimage + +--- + +apiVersion: v1 +kind: Pod +metadata: + namespace: baz + name: my-baz + labels: + security: none +spec: + containers: + - name: myfirstContainer + image: bazimage + +--- + +apiVersion: v1 +kind: Pod +metadata: + namespace: monitoring + name: my-monitoring + labels: + security: monitoring +spec: + containers: + - name: myfirstContainer + image: monitoringimage + +--- + + From 8217a4bcd3cabcdb2c59ab755b2182505deaee05 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 10 Dec 2024 14:55:39 +0200 Subject: [PATCH 02/28] More delicate handling of intersection of ingress and egress connections (to preserve explainability data from both directions). Updating testing data accordingly. --- pkg/netpol/connlist/explanation_test.go | 4 +- .../internal/common/augmented_intervalset.go | 49 +++++++++--- .../anp_banp_blog_demo_2_explain_output.txt | 4 + .../anp_banp_blog_demo_explain_output.txt | 80 +++++++++++++++++++ ..._workload_my-monitoring_explain_output.txt | 33 -------- 5 files changed, 121 insertions(+), 49 deletions(-) create mode 100644 test_outputs/connlist/anp_banp_blog_demo_explain_output.txt delete mode 100644 test_outputs/connlist/anp_banp_blog_demo_focus_workload_my-monitoring_explain_output.txt diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index a308e941..da3db836 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -52,12 +52,10 @@ var explainTests = []struct { // testDirName: "anp_test_10", // }, { - testDirName: "anp_banp_blog_demo", - focusWorkload: "my-monitoring", + testDirName: "anp_banp_blog_demo", }, { testDirName: "anp_banp_blog_demo_2", - // focusWorkload: "my-monitoring", }, // { // testDirName: "ipblockstest", diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index a98c097f..7e10c4d7 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -249,6 +249,32 @@ func (rules *ImplyingRulesType) Union(other ImplyingRulesType, collectRules bool rules.Egress.Union(other.Egress, collectRules) } +func (rules *ImplyingRulesType) onlyIngressDirection() bool { + return !rules.Ingress.Empty() && rules.Egress.Empty() +} + +func (rules *ImplyingRulesType) onlyEgressDirection() bool { + return rules.Ingress.Empty() && !rules.Egress.Empty() +} + +// OverrideUnlessOppositeDirections checks whether rules and other contain only rules of opposite directions +// (one of them only Ingress and another only Egress). +// This happens when performing intersection between ingress and egress connections. +// In this case the function preserves implying rules of both directions (for detailed explainability report). +// If this is not the case of 'opposite durections' scenario, the function overrides current implying rules by others'. +func (rules *ImplyingRulesType) OverrideUnlessOppositeDirections(other ImplyingRulesType) { + if rules.onlyIngressDirection() && other.onlyEgressDirection() { + // opposite directions (Ingress in rules and Egress in other) -> keep Ingress, copy Egress + rules.Egress = other.Egress.Copy() + } else if rules.onlyEgressDirection() && other.onlyIngressDirection() { + // opposite directions (Egress in rules and Ingress in other) -> keep Egress, copy Ingress + rules.Ingress = other.Ingress.Copy() + } else { + // this is not the case of opposite directions -> override everything + *rules = other.Copy() + } +} + func (rules ImplyingRulesType) mayBeUpdatedBy(other ImplyingRulesType, collectRules bool) bool { return rules.Ingress.mayBeUpdatedBy(other.Ingress, collectRules) || rules.Egress.mayBeUpdatedBy(other.Egress, collectRules) } @@ -453,12 +479,11 @@ func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collec // split set[left] into two intervals, while the implying rules of the second interval should get the new value (from v) new1 := AugmentedInterval{interval: interval.New(set[left].interval.Start(), v.interval.Start()-1), inSet: set[left].inSet, implyingRules: set[left].implyingRules.Copy()} - var newImplyingRules ImplyingRulesType + newImplyingRules := set[left].implyingRules.Copy() if set[left].inSet == v.inSet { - newImplyingRules = set[left].implyingRules.Copy() newImplyingRules.Union(v.implyingRules, collectRules) } else { - newImplyingRules = v.implyingRules.Copy() + newImplyingRules.OverrideUnlessOppositeDirections(v.implyingRules) } new2 := AugmentedInterval{interval: interval.New(v.interval.Start(), min(set[left].interval.End(), v.interval.End())), inSet: v.inSet, implyingRules: newImplyingRules} @@ -470,14 +495,13 @@ func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collec (set[right].inSet != v.inSet || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRules)) { break // this is the corner case handled following the loop below } - var newImplyingRules ImplyingRulesType + newImplyingRules := set[ind].implyingRules.Copy() if set[ind].inSet == v.inSet { // this interval is not impacted by v; // however, its implying rules may be updated by those of v. - newImplyingRules = set[ind].implyingRules.Copy() newImplyingRules.Union(v.implyingRules, collectRules) } else { - newImplyingRules = v.implyingRules.Copy() + newImplyingRules.OverrideUnlessOppositeDirections(v.implyingRules) } result = append(result, AugmentedInterval{interval: set[ind].interval, inSet: v.inSet, implyingRules: newImplyingRules}) } @@ -488,12 +512,11 @@ func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collec if left < right || (left == right && v.interval.Start() == set[left].interval.Start()) { // a special case when left==right (i.e., v is included in one interval from set) was already handled // at the left-hand side of the intersection of v with set - var newImplyingRules ImplyingRulesType + newImplyingRules := set[right].implyingRules.Copy() if set[right].inSet == v.inSet { - newImplyingRules = set[right].implyingRules.Copy() newImplyingRules.Union(v.implyingRules, collectRules) } else { - newImplyingRules = v.implyingRules.Copy() + newImplyingRules.OverrideUnlessOppositeDirections(v.implyingRules) } new1 := AugmentedInterval{interval: interval.New(set[right].interval.Start(), v.interval.End()), inSet: v.inSet, implyingRules: newImplyingRules} @@ -537,12 +560,12 @@ func (c *AugmentedCanonicalSet) Union(other *AugmentedCanonicalSet, collectRules res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) for _, left := range c.intervalSet { if !left.inSet { - res.AddAugmentedInterval(left, false) + res.AddAugmentedInterval(left, collectRules) } } for _, right := range other.intervalSet { if !right.inSet { - res.AddAugmentedInterval(right, false) + res.AddAugmentedInterval(right, collectRules) } } for _, left := range c.intervalSet { @@ -627,12 +650,12 @@ func (c *AugmentedCanonicalSet) Intersect(other *AugmentedCanonicalSet) *Augment } for _, left := range c.intervalSet { if !left.inSet { - res.AddAugmentedInterval(left, false) + res.AddAugmentedInterval(left, true) // collect implying rules allowed by both sets } } for _, right := range other.intervalSet { if !right.inSet { - res.AddAugmentedInterval(right, false) + res.AddAugmentedInterval(right, true) // collect implying rules allowed by both sets } } return res diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index fda432e6..26318e51 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -30,6 +30,7 @@ ALLOWED SCTP:1-65535 the system default (Allow all) ALLOWED UDP:1-65535 the system default (Allow all) DENIED TCP:1-1233 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) @@ -39,15 +40,18 @@ ALLOWED TCP:1234 due to the following policies//rules: 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) DENIED TCP:1235-8079 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) DENIED TCP:8080 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) DENIED TCP:8081-9000 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) diff --git a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt new file mode 100644 index 00000000..f723b5a5 --- /dev/null +++ b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt @@ -0,0 +1,80 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/my-foo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN bar/my-bar[Pod] => foo/my-foo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN baz/my-baz[Pod] => bar/my-bar[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN baz/my-baz[Pod] => foo/my-foo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN foo/my-foo[Pod] => bar/my-bar[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => bar/my-bar[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) + 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => baz/my-baz[Pod]: + +All Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => foo/my-foo[Pod]: + +All Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) + 2) [NP] foo/allow-monitoring//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default (Allow all): +0.0.0.0-255.255.255.255 => bar/my-bar[Pod] +0.0.0.0-255.255.255.255 => baz/my-baz[Pod] +0.0.0.0-255.255.255.255 => monitoring/my-monitoring[Pod] +bar/my-bar[Pod] => 0.0.0.0-255.255.255.255 +bar/my-bar[Pod] => baz/my-baz[Pod] +bar/my-bar[Pod] => monitoring/my-monitoring[Pod] +baz/my-baz[Pod] => 0.0.0.0-255.255.255.255 +baz/my-baz[Pod] => monitoring/my-monitoring[Pod] +foo/my-foo[Pod] => 0.0.0.0-255.255.255.255 +foo/my-foo[Pod] => baz/my-baz[Pod] +foo/my-foo[Pod] => monitoring/my-monitoring[Pod] +monitoring/my-monitoring[Pod] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_banp_blog_demo_focus_workload_my-monitoring_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_focus_workload_my-monitoring_explain_output.txt deleted file mode 100644 index d661b490..00000000 --- a/test_outputs/connlist/anp_banp_blog_demo_focus_workload_my-monitoring_explain_output.txt +++ /dev/null @@ -1,33 +0,0 @@ ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => bar/my-bar[Pod]: - -No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) - 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => baz/my-baz[Pod]: - -All Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => foo/my-foo[Pod]: - -All Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) - 2) [NP] foo/allow-monitoring//Ingress rule #1 - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): -0.0.0.0-255.255.255.255 => monitoring/my-monitoring[Pod] -bar/my-bar[Pod] => monitoring/my-monitoring[Pod] -baz/my-baz[Pod] => monitoring/my-monitoring[Pod] -foo/my-foo[Pod] => monitoring/my-monitoring[Pod] -monitoring/my-monitoring[Pod] => 0.0.0.0-255.255.255.255 From 1e7cbb93e99f2bb2136e17972781272be4870eb0 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 23 Dec 2024 10:11:49 +0200 Subject: [PATCH 03/28] make linter happy --- pkg/netpol/connlist/explanation_test.go | 6 +++--- pkg/netpol/internal/common/augmented_intervalset.go | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index da3db836..657d21c9 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -48,6 +48,9 @@ var explainTests = []struct { testDirName string focusWorkload string }{ + { + testDirName: "netpol_named_port_test", + }, // { // testDirName: "anp_test_10", // }, @@ -64,9 +67,6 @@ var explainTests = []struct { // testDirName: "onlineboutique", // }, // { - // testDirName: "anp_banp_blog_demo", - // }, - // { // testDirName: "acs-security-demos", // }, // { diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index 7e10c4d7..eda3106d 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -263,13 +263,14 @@ func (rules *ImplyingRulesType) onlyEgressDirection() bool { // In this case the function preserves implying rules of both directions (for detailed explainability report). // If this is not the case of 'opposite durections' scenario, the function overrides current implying rules by others'. func (rules *ImplyingRulesType) OverrideUnlessOppositeDirections(other ImplyingRulesType) { - if rules.onlyIngressDirection() && other.onlyEgressDirection() { + switch { + case rules.onlyIngressDirection() && other.onlyEgressDirection(): // opposite directions (Ingress in rules and Egress in other) -> keep Ingress, copy Egress rules.Egress = other.Egress.Copy() - } else if rules.onlyEgressDirection() && other.onlyIngressDirection() { + case rules.onlyEgressDirection() && other.onlyIngressDirection(): // opposite directions (Egress in rules and Ingress in other) -> keep Egress, copy Ingress rules.Ingress = other.Ingress.Copy() - } else { + default: // this is not the case of opposite directions -> override everything *rules = other.Copy() } From 181b9acadd3d17978b32c11698a2dca1326dd2fe Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 23 Dec 2024 12:03:47 +0200 Subject: [PATCH 04/28] fixing lint errors --- pkg/netpol/connlist/connlist.go | 6 ++++-- pkg/netpol/eval/internal/k8s/netpol_test.go | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pkg/netpol/connlist/connlist.go b/pkg/netpol/connlist/connlist.go index a2df9fe0..3a19e16d 100644 --- a/pkg/netpol/connlist/connlist.go +++ b/pkg/netpol/connlist/connlist.go @@ -209,10 +209,12 @@ func (ca *ConnlistAnalyzer) hasFatalError() error { // getPolicyEngine returns a new policy engine considering the exposure analysis option func (ca *ConnlistAnalyzer) getPolicyEngine(objectsList []parser.K8sObject) (*eval.PolicyEngine, error) { if !ca.exposureAnalysis { - return eval.NewPolicyEngineWithOptionsList(eval.WithExplanation(ca.explain), eval.WithLogger(ca.logger), eval.WithObjectsList(objectsList)) + return eval.NewPolicyEngineWithOptionsList(eval.WithExplanation(ca.explain), + eval.WithLogger(ca.logger), eval.WithObjectsList(objectsList)) } // else build new policy engine with exposure analysis option - return eval.NewPolicyEngineWithOptionsList(eval.WithExposureAnalysis(), eval.WithExplanation(ca.explain), eval.WithLogger(ca.logger), eval.WithObjectsList(objectsList)) + return eval.NewPolicyEngineWithOptionsList(eval.WithExposureAnalysis(), eval.WithExplanation(ca.explain), + eval.WithLogger(ca.logger), eval.WithObjectsList(objectsList)) } func (ca *ConnlistAnalyzer) connsListFromParsedResources(objectsList []parser.K8sObject) ([]Peer2PeerConnection, []Peer, error) { diff --git a/pkg/netpol/eval/internal/k8s/netpol_test.go b/pkg/netpol/eval/internal/k8s/netpol_test.go index df3a943e..11e3d4be 100644 --- a/pkg/netpol/eval/internal/k8s/netpol_test.go +++ b/pkg/netpol/eval/internal/k8s/netpol_test.go @@ -9,11 +9,12 @@ package k8s import ( "testing" - "github.com/np-guard/netpol-analyzer/pkg/netpol/internal/common" v1 "k8s.io/api/core/v1" netv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/np-guard/netpol-analyzer/pkg/netpol/internal/common" ) /*func TestCreatePod(t *testing.T) { From d50485be2b4aaf9a7c955013f22bb9c611585bc1 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 23 Dec 2024 17:42:44 +0200 Subject: [PATCH 05/28] More delicate handlinng of IPblock default connections explanation; Added no connection explanation for non-matching named ports case Added more explanation tests --- pkg/netpol/connlist/connlist.go | 4 +- pkg/netpol/connlist/conns_formatter_txt.go | 18 +++--- pkg/netpol/connlist/explanation_test.go | 6 +- pkg/netpol/eval/check.go | 52 ++++++++-------- pkg/netpol/eval/internal/k8s/adminnetpol.go | 2 +- pkg/netpol/eval/internal/k8s/netpol.go | 13 +++- .../eval/internal/k8s/policy_connections.go | 6 +- .../internal/common/augmented_intervalset.go | 60 +++++++++++-------- pkg/netpol/internal/common/connectionset.go | 4 +- .../anp_banp_blog_demo_2_explain_output.txt | 4 +- .../anp_banp_blog_demo_explain_output.txt | 4 +- .../netpol_named_port_test_explain_output.txt | 36 +++++++++++ 12 files changed, 136 insertions(+), 73 deletions(-) create mode 100644 test_outputs/connlist/netpol_named_port_test_explain_output.txt diff --git a/pkg/netpol/connlist/connlist.go b/pkg/netpol/connlist/connlist.go index 3a19e16d..2c601b96 100644 --- a/pkg/netpol/connlist/connlist.go +++ b/pkg/netpol/connlist/connlist.go @@ -353,8 +353,8 @@ func (c *connection) ProtocolsAndPorts() map[v1.Protocol][]common.PortRange { return c.protocolsAndPorts } -func (c *connection) OnlySystemDefaultRule() bool { - return c.allConnections && len(c.protocolsAndPorts) == 0 && c.commonImplyingRules.OnlySystemDefaultRule() +func (c *connection) OnlyDefaultRule() bool { + return c.allConnections && len(c.protocolsAndPorts) == 0 && c.commonImplyingRules.OnlyDefaultRule() } // returns a *common.ConnectionSet from Peer2PeerConnection data diff --git a/pkg/netpol/connlist/conns_formatter_txt.go b/pkg/netpol/connlist/conns_formatter_txt.go index cee00c6f..7141792d 100644 --- a/pkg/netpol/connlist/conns_formatter_txt.go +++ b/pkg/netpol/connlist/conns_formatter_txt.go @@ -36,14 +36,14 @@ func (t *formatText) writeOutput(conns []Peer2PeerConnection, exposureConns []Ex // writeConnlistOutput writes the section of the connlist result of the output func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConns, explain bool) string { connLines := make([]singleConnFields, 0, len(conns)) - systemDefaultConnLines := make([]singleConnFields, 0, len(conns)) + defaultConnLines := make([]singleConnFields, 0, len(conns)) t.ipMaps = createIPMaps(saveIPConns) for i := range conns { p2pConn := formSingleP2PConn(conns[i], explain) if explain { // when running with explanation, we print system default connections at the end - if conns[i].(*connection).OnlySystemDefaultRule() { - systemDefaultConnLines = append(systemDefaultConnLines, p2pConn) + if conns[i].(*connection).OnlyDefaultRule() { + defaultConnLines = append(defaultConnLines, p2pConn) } else { connLines = append(connLines, p2pConn) } @@ -57,11 +57,11 @@ func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConn } sortConnFields(connLines, true) if explain { - sortConnFields(systemDefaultConnLines, true) + sortConnFields(defaultConnLines, true) } result := "" if explain { - result = writeExplanationOutput(connLines, systemDefaultConnLines) + result = writeExplanationOutput(connLines, defaultConnLines) } else { for _, p2pConn := range connLines { result += p2pConn.string() + newLineChar @@ -70,15 +70,15 @@ func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConn return result } -func writeExplanationOutput(connLines, systemDefaultConnLines []singleConnFields) string { +func writeExplanationOutput(connLines, defaultConnLines []singleConnFields) string { result := "" for _, p2pConn := range connLines { result += nodePairSeparationLine result += p2pConn.stringWithExplanation() + newLineChar } - if len(systemDefaultConnLines) > 0 { + if len(defaultConnLines) > 0 { result += nodePairSeparationLine + systemDefaultPairsHeader - for _, p2pConn := range systemDefaultConnLines { + for _, p2pConn := range defaultConnLines { result += p2pConn.nodePairString() + newLineChar } } @@ -89,7 +89,7 @@ const ( unprotectedHeader = "\nWorkloads not protected by network policies:\n" separationLine80 = "--------------------------------------------------------------------------------" nodePairSeparationLine = separationLine80 + separationLine80 + common.NewLine - systemDefaultPairsHeader = "The following nodes are connected due to " + common.SystemDefaultRule + ":\n" + systemDefaultPairsHeader = "The following nodes are connected due to " + common.SystemOrIPDefaultRule + ":\n" ) // writeExposureOutput writes the section of the exposure-analysis result diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index d0a272e0..657d21c9 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -48,9 +48,9 @@ var explainTests = []struct { testDirName string focusWorkload string }{ - // { - // testDirName: "netpol_named_port_test", - // }, + { + testDirName: "netpol_named_port_test", + }, // { // testDirName: "anp_test_10", // }, diff --git a/pkg/netpol/eval/check.go b/pkg/netpol/eval/check.go index f7568ced..a98654f8 100644 --- a/pkg/netpol/eval/check.go +++ b/pkg/netpol/eval/check.go @@ -259,7 +259,7 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) return nil, err } res.SetExplResult(false) - if res.IsEmpty() { + if res.IsEmpty() && !pe.explain { return res, nil } // ingress: get ingress allowed connections between the src and dst by @@ -514,38 +514,40 @@ func (pe *PolicyEngine) getAllAllowedXgressConnectionsFromANPs(src, dst k8s.Peer // - note that the result may contain allowed / denied connections. func (pe *PolicyEngine) getXgressDefaultConns(src, dst k8s.Peer, isIngress bool) (*k8s.PolicyConnections, error) { res := k8s.NewPolicyConnections() - if pe.baselineAdminNetpol == nil { - res.AllowedConns = common.MakeAllConnectionSetWithRule(common.SystemDefaultRule, isIngress) - return res, nil - } - if isIngress { // ingress - selectsDst, err := pe.baselineAdminNetpol.Selects(dst, true) - if err != nil { - return nil, err - } - // if the banp selects the dst on ingress, get ingress conns - if selectsDst { - res, err = pe.baselineAdminNetpol.GetIngressPolicyConns(src, dst) + if pe.baselineAdminNetpol != nil { + if isIngress { // ingress + selectsDst, err := pe.baselineAdminNetpol.Selects(dst, true) if err != nil { return nil, err } - } - } else { // egress (!isIngress) - selectsSrc, err := pe.baselineAdminNetpol.Selects(src, false) - if err != nil { - return nil, err - } - // if the banp selects the src on egress, get egress conns - if selectsSrc { - res, err = pe.baselineAdminNetpol.GetEgressPolicyConns(dst) + // if the banp selects the dst on ingress, get ingress conns + if selectsDst { + res, err = pe.baselineAdminNetpol.GetIngressPolicyConns(src, dst) + if err != nil { + return nil, err + } + } + } else { // egress (!isIngress) + selectsSrc, err := pe.baselineAdminNetpol.Selects(src, false) if err != nil { return nil, err } + // if the banp selects the src on egress, get egress conns + if selectsSrc { + res, err = pe.baselineAdminNetpol.GetEgressPolicyConns(dst) + if err != nil { + return nil, err + } + } } } - // if banp rules didn't capture xgress conn between src and dst, return system-default: allow-all; + // if no banp or banp rules didn't capture xgress conn between src and dst, return system-default: allow-all; // if banp rule captured xgress conn, only DeniedConns should be impacted by banp rule, - // whenever AllowedConns should anyway be system-default: allow-all - res.AllowedConns = common.MakeAllConnectionSetWithRule(common.SystemDefaultRule, isIngress) + // whenever AllowedConns should anyway be system-default: allow-all (or assumed allow-all for IP-blocks) + if (isIngress && dst.PeerType() == k8s.IPBlockType) || (!isIngress && src.PeerType() == k8s.IPBlockType) { + res.AllowedConns = common.MakeConnectionSetWithRule(true, common.IPDefaultRule, isIngress) + } else { + res.AllowedConns = common.MakeConnectionSetWithRule(true, common.SystemDefaultRule, isIngress) + } return res, nil } diff --git a/pkg/netpol/eval/internal/k8s/adminnetpol.go b/pkg/netpol/eval/internal/k8s/adminnetpol.go index 5340c0cd..b4623f2b 100644 --- a/pkg/netpol/eval/internal/k8s/adminnetpol.go +++ b/pkg/netpol/eval/internal/k8s/adminnetpol.go @@ -398,7 +398,7 @@ func updatePolicyConns(rulePorts *[]apisv1a.AdminNetworkPolicyPort, ruleName str // ruleConnections returns the connectionSet from the current rule.Ports func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, ruleName string, dst Peer, isIngress bool) (*common.ConnectionSet, error) { if ports == nil { // If Ports is not set then the rule does not filter traffic via port. - return common.MakeAllConnectionSetWithRule(ruleName, isIngress), nil + return common.MakeConnectionSetWithRule(true, ruleName, isIngress), nil } res := common.MakeConnectionSet(false) for _, anpPort := range *ports { diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index 2f4ec6f6..5a48dd6f 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -157,7 +157,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds if len(rulePorts) == 0 { // If this field is empty or missing, this rule matches all ports // (traffic not restricted by port) - return common.MakeAllConnectionSetWithRule(np.ruleName(ruleIdx, isIngress), isIngress), nil + return common.MakeConnectionSetWithRule(true, np.ruleName(ruleIdx, isIngress), isIngress), nil } res := common.MakeConnectionSet(false) ruleName := np.ruleName(ruleIdx, isIngress) @@ -168,7 +168,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds } ports := common.MakePortSet(false) if rulePorts[i].Port == nil { - ports = common.MakePortSet(true) + ports = common.MakeAllPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, isIngress)) } else { startPort, endPort, portName, err := np.getPortsRange(rulePorts[i], dst) if err != nil { @@ -207,6 +207,11 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds } res.AddConnection(protocol, ports) } + if res.IsEmpty() { + // no connections found --> "named ports" of the rule had no match in the pod config + // remove empty protocols if any + res = common.MakeConnectionSetWithRule(false, explNoMatchOfNamesPortsToDst(ruleName), isIngress) + } return res, nil } @@ -412,6 +417,10 @@ func (np *NetworkPolicy) nameWithDirectionAndExpl(isIngress bool, expl string) s return fmt.Sprintf("%s//%s "+expl, np.fullName(), xgress, xgress) } +func explNoMatchOfNamesPortsToDst(ruleName string) string { + return fmt.Sprintf("%s (named ports of the rule have no match in the configuration of the dst peer)", ruleName) +} + // GetXgressAllowedConns returns the set of allowed connections to a captured dst pod from the src peer (for Ingress) // or from any captured pod to the dst peer (for Egress) func (np *NetworkPolicy) GetXgressAllowedConns(src, dst Peer, isIngress bool) (*common.ConnectionSet, error) { diff --git a/pkg/netpol/eval/internal/k8s/policy_connections.go b/pkg/netpol/eval/internal/k8s/policy_connections.go index dd4e4c6d..edf449c0 100644 --- a/pkg/netpol/eval/internal/k8s/policy_connections.go +++ b/pkg/netpol/eval/internal/k8s/policy_connections.go @@ -45,6 +45,8 @@ func (pc *PolicyConnections) UpdateWithRuleConns(ruleConns *common.ConnectionSet // banpRules indicates if the rules are coming from BANP; flag used to check the rule Actions are valid since: // Unlike AdminNetworkPolicies that enable: "Pass, Deny or Allow" as the action of each rule. // BaselineAdminNetworkPolicies allows only "Allow and Deny" as the action of each rule. + // 'false' in the Union calls below indicates to not collect explainability rules, since in the ANP/BANP level + // rule order defines their precedence, and so each connection may ve defined by at most one rule. switch ruleAction { case string(apisv1a.AdminNetworkPolicyRuleActionAllow): ruleConns.Subtract(pc.DeniedConns) @@ -79,6 +81,8 @@ func (pc *PolicyConnections) CollectANPConns(newAdminPolicyConns *PolicyConnecti newAdminPolicyConns.PassConns.Subtract(pc.DeniedConns) newAdminPolicyConns.PassConns.Subtract(pc.AllowedConns) // add the new conns from current policy to the connections from the policies with higher precedence + // 'false' in the Union calls below indicates to not collect explainability rules, since in the ANP level + // each connection may ve defined by at most one ANP (according to the precedence). pc.DeniedConns.Union(newAdminPolicyConns.DeniedConns, false) pc.AllowedConns.Union(newAdminPolicyConns.AllowedConns, false) pc.PassConns.Union(newAdminPolicyConns.PassConns, false) @@ -138,7 +142,7 @@ func (pc *PolicyConnections) CollectConnsFromBANP(banpConns *PolicyConnections) newDenied := pc.PassConns.Copy() newDenied.Intersection(banpConns.DeniedConns) // collect implying rules from pc.PassConns and banpConns.DeniedConns newDenied.Subtract(pc.AllowedConns) - pc.DeniedConns.Union(newDenied, true) // 'true' because denied conns are defined by rules from both sides + pc.DeniedConns.Union(newDenied, false) // 'false' because denied conns may be already defined by pc.DeniedConns // the allowed conns are "all conns - the denied conns" // all conns that are not determined by the ANP and BANP are allowed by default, // and are kept in banpConns.AllowedConns (were returned by getXgressDefaultConns) diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index eda3106d..88205025 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -80,22 +80,32 @@ func (rules *ImplyingRulesType) Copy() ImplyingRulesType { } const ( - ExplWithRulesTitle = "due to the following policies//rules:" + ExplString = "due to " + ExplWithRulesTitle = ExplString + "the following policies//rules:" IngressDirectionTitle = "\tINGRESS DIRECTION" EgressDirectionTitle = "\tEGRESS DIRECTION" NewLine = "\n" SpaceSeparator = " " - ExplAllowAll = "(Allow all)" - SystemDefaultRule = "the system default " + ExplAllowAll - ExplSystemDefault = "due to " + SystemDefaultRule + ExplAllowAll = " (Allow all)" + SystemDefaultString = "the system default" + SystemDefaultRule = SystemDefaultString + ExplAllowAll + IPDefaultString = "the assumed default for IPblock" + IPDefaultRule = IPDefaultString + ExplAllowAll + SystemOrIPDefaultRule = SystemDefaultString + " or " + IPDefaultString + ExplAllowAll + ExplSystemDefault = ExplString + SystemDefaultRule PodToItselfRule = "pod to itself " + ExplAllowAll allowResultStr = "ALLOWED" denyResultStr = "DENIED" ) -func (rules *ImplyingXgressRulesType) onlySystemDefaultRule() bool { - if _, ok := rules.Rules[SystemDefaultRule]; ok { - return len(rules.Rules) == 1 +func (rules *ImplyingXgressRulesType) onlyDefaultRule() bool { + if len(rules.Rules) == 1 { + if _, ok := rules.Rules[SystemDefaultRule]; ok { + return true + } + if _, ok := rules.Rules[IPDefaultRule]; ok { + return true + } } return false } @@ -119,39 +129,41 @@ func (rules *ImplyingXgressRulesType) String() string { if rules.Empty() { return rules.resultString() } + onlyDefaultRule := rules.onlyDefaultRule() + // print the rules according to their order formattedRules := make([]string, 0, len(rules.Rules)) for name, order := range rules.Rules { - formattedRules = append(formattedRules, fmt.Sprintf("\t\t%d) %s", order+1, name)) + if onlyDefaultRule { + formattedRules = append(formattedRules, name) + } else { + formattedRules = append(formattedRules, fmt.Sprintf("\t\t%d) %s", order+1, name)) + } } sort.Strings(formattedRules) // the rule index begins the string, like "2)" - return rules.resultString() + NewLine + strings.Join(formattedRules, NewLine) + result := rules.resultString() + if onlyDefaultRule { + result += SpaceSeparator + ExplString + } else { + result += NewLine + } + return result + strings.Join(formattedRules, NewLine) } -func (rules *ImplyingRulesType) OnlySystemDefaultRule() bool { - return rules.Ingress.onlySystemDefaultRule() && rules.Egress.onlySystemDefaultRule() +func (rules *ImplyingRulesType) OnlyDefaultRule() bool { + return rules.Ingress.onlyDefaultRule() && rules.Egress.onlyDefaultRule() } func (rules ImplyingRulesType) String() string { - if rules.OnlySystemDefaultRule() { + if rules.OnlyDefaultRule() { return SpaceSeparator + SystemDefaultRule + NewLine } res := "" if !rules.Egress.Empty() { - res += EgressDirectionTitle - if rules.Egress.onlySystemDefaultRule() { - res += SpaceSeparator + rules.Egress.resultString() + SpaceSeparator + ExplSystemDefault + NewLine - } else { - res += SpaceSeparator + rules.Egress.String() + NewLine - } + res += EgressDirectionTitle + SpaceSeparator + rules.Egress.String() + NewLine } if !rules.Ingress.Empty() { - res += IngressDirectionTitle - if rules.Ingress.onlySystemDefaultRule() { - res += SpaceSeparator + rules.Ingress.resultString() + SpaceSeparator + ExplSystemDefault + NewLine - } else { - res += SpaceSeparator + rules.Ingress.String() + NewLine - } + res += IngressDirectionTitle + SpaceSeparator + rules.Ingress.String() + NewLine } if res == "" { return NewLine diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 9146cdfb..4d77c533 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -41,8 +41,8 @@ func MakeConnectionSet(all bool) *ConnectionSet { return &ConnectionSet{AllowedProtocols: map[v1.Protocol]*PortSet{}, CommonImplyingRules: InitImplyingRules()} } -func MakeAllConnectionSetWithRule(rule string, isIngress bool) *ConnectionSet { - return &ConnectionSet{AllowAll: true, AllowedProtocols: map[v1.Protocol]*PortSet{}, +func MakeConnectionSetWithRule(all bool, rule string, isIngress bool) *ConnectionSet { + return &ConnectionSet{AllowAll: all, AllowedProtocols: map[v1.Protocol]*PortSet{}, CommonImplyingRules: MakeImplyingRulesWithRule(rule, isIngress)} } diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index 26318e51..4143e293 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -2,7 +2,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/my-foo[Pod]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) @@ -113,7 +113,7 @@ ALLOWED UDP:1-65535 due to the following policies//rules: 1) [NP] foo/allow-monitoring//Ingress rule #1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): 0.0.0.0-255.255.255.255 => bar/my-bar[Pod] 0.0.0.0-255.255.255.255 => baz/my-baz[Pod] 0.0.0.0-255.255.255.255 => monitoring/my-monitoring[Pod] diff --git a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt index f723b5a5..b89b9f0b 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt @@ -2,7 +2,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/my-foo[Pod]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) @@ -65,7 +65,7 @@ All Connections due to the following policies//rules: 2) [NP] foo/allow-monitoring//Ingress rule #1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): 0.0.0.0-255.255.255.255 => bar/my-bar[Pod] 0.0.0.0-255.255.255.255 => baz/my-baz[Pod] 0.0.0.0-255.255.255.255 => monitoring/my-monitoring[Pod] diff --git a/test_outputs/connlist/netpol_named_port_test_explain_output.txt b/test_outputs/connlist/netpol_named_port_test_explain_output.txt new file mode 100644 index 00000000..a4fdd6b6 --- /dev/null +++ b/test_outputs/connlist/netpol_named_port_test_explain_output.txt @@ -0,0 +1,36 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => helloworld/pod-a[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] helloworld/enable-ingress-from-named-port//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN helloworld/new-pod[Deployment] => helloworld/pod-a[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] helloworld/enable-ingress-from-named-port//Ingress rule #1 (named ports of the rule have no match in the configuration of the dst peer) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] helloworld/enable-ingress-from-named-port//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => helloworld/new-pod[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] helloworld/enable-ingress-from-named-port//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +0.0.0.0-255.255.255.255 => helloworld/new-pod[Deployment] +helloworld/new-pod[Deployment] => 0.0.0.0-255.255.255.255 From cd17f644a636486ef4a6adc7e75cf69dd853366e Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 6 Jan 2025 15:57:41 +0200 Subject: [PATCH 06/28] More compact explainability print --- pkg/netpol/connlist/explanation_test.go | 6 +- pkg/netpol/eval/internal/k8s/netpol.go | 6 +- .../internal/common/augmented_intervalset.go | 12 + pkg/netpol/internal/common/connectionset.go | 33 + .../anp_banp_blog_demo_2_explain_output.txt | 15 +- .../connlist/ipblockstest_explain_output.txt | 2432 +++++++++++++++++ 6 files changed, 2487 insertions(+), 17 deletions(-) create mode 100644 test_outputs/connlist/ipblockstest_explain_output.txt diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index 657d21c9..171ac63f 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -48,6 +48,9 @@ var explainTests = []struct { testDirName string focusWorkload string }{ + { + testDirName: "ipblockstest", + }, { testDirName: "netpol_named_port_test", }, @@ -61,9 +64,6 @@ var explainTests = []struct { testDirName: "anp_banp_blog_demo_2", }, // { - // testDirName: "ipblockstest", - // }, - // { // testDirName: "onlineboutique", // }, // { diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index 5a48dd6f..a16e5c52 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -159,14 +159,16 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds // (traffic not restricted by port) return common.MakeConnectionSetWithRule(true, np.ruleName(ruleIdx, isIngress), isIngress), nil } - res := common.MakeConnectionSet(false) ruleName := np.ruleName(ruleIdx, isIngress) + // all protocols are affected by the rule + res := common.MakeConnectionSetWithRule(false, ruleName, isIngress) for i := range rulePorts { protocol := v1.ProtocolTCP if rulePorts[i].Protocol != nil { protocol = *rulePorts[i].Protocol } - ports := common.MakePortSet(false) + // the whole port range is affected by the rule (not only ports mentioned in the rule) + ports := common.MakeEmptyPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, isIngress)) if rulePorts[i].Port == nil { ports = common.MakeAllPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, isIngress)) } else { diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index 88205025..16346ecb 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -61,6 +61,14 @@ func MakeImplyingRulesWithRule(rule string, isIngress bool) ImplyingRulesType { return res } +func (rules *ImplyingXgressRulesType) Equal(other *ImplyingXgressRulesType) bool { + return fmt.Sprint(rules) == fmt.Sprint(other) +} + +func (rules *ImplyingRulesType) Equal(other *ImplyingRulesType) bool { + return rules.Ingress.Equal(&other.Ingress) && rules.Egress.Equal(&other.Egress) +} + func (rules *ImplyingXgressRulesType) Copy() ImplyingXgressRulesType { if rules == nil { return InitImplyingXgressRules() @@ -314,6 +322,10 @@ func NewAugmentedIntervalWithRules(start, end int64, inSet bool, rules ImplyingR return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: rules.Copy()} } +func (augInt AugmentedInterval) Equal(other AugmentedInterval) bool { + return augInt.inSet == other.inSet && augInt.interval.Equal(other.interval) && augInt.implyingRules.Equal(&other.implyingRules) +} + // AugmentedCanonicalSet is a set of int64 integers, implemented using an ordered slice of non-overlapping, non-touching intervals. // The intervals should include both included intervals and holes; // i.e., start of every interval is the end of a previous interval incremented by 1. diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 4d77c533..2d25be9b 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -362,7 +362,18 @@ func (p *PortRangeData) End() int64 { return p.Interval.interval.End() } +func (p *PortRangeData) isWholeRange() bool { + return p.Start() == MinPort && p.End() == MaxPort +} + +func (p PortRangeData) Equal(other PortRangeData) bool { + return p.Interval.Equal(other.Interval) +} + func (p *PortRangeData) String() string { + if p.isWholeRange() { + return allPortsStr + } if p.End() != p.Start() { return fmt.Sprintf("%d-%d", p.Start(), p.End()) } @@ -405,6 +416,7 @@ const ( connsAndPortRangeSeparator = "," allConnsStr = "All Connections" noConnsStr = "No Connections" + allPortsStr = "[ALL PORTS]" ) func ConnStrFromConnProperties(allProtocolsAndPorts bool, protocolsAndPorts map[v1.Protocol][]PortRange) string { @@ -467,6 +479,10 @@ func protocolAndPortsStr(protocol v1.Protocol, ports string) string { return string(protocol) + SpaceSeparator + ports } +func isWholeRange(ports []PortRange) bool { + return len(ports) == 1 && ports[0].(*PortRangeData).isWholeRange() +} + func ExplanationFromConnProperties(allProtocolsAndPorts bool, commonImplyingRules ImplyingRulesType, protocolsAndPorts map[v1.Protocol][]PortRange) string { if len(protocolsAndPorts) == 0 { @@ -479,9 +495,26 @@ func ExplanationFromConnProperties(allProtocolsAndPorts bool, commonImplyingRule var connStr string // connStrings will contain the string of given conns protocols and ports as is connStrings := make([]string, 0, len(protocolsAndPorts)) + // for compact explanation: pick all protocols containing the whole port range + wholeCommonRange := PortRangeData{} + wholeRangeProtocols := make([]string, 0, len(protocolsAndPorts)) for protocol, ports := range protocolsAndPorts { + if isWholeRange(ports) { + if len(wholeRangeProtocols) == 0 { + wholeCommonRange = *ports[0].(*PortRangeData) + wholeRangeProtocols = append(wholeRangeProtocols, string(protocol)) + continue + } else if ports[0].(*PortRangeData).Equal(wholeCommonRange) { + wholeRangeProtocols = append(wholeRangeProtocols, string(protocol)) + continue + } + } connStrings = append(connStrings, portsStringWithExplanation(ports, string(protocol))) } + if len(wholeRangeProtocols) > 0 { + sort.Strings(wholeRangeProtocols) + connStrings = append(connStrings, wholeCommonRange.StringWithExplanation("{"+strings.Join(wholeRangeProtocols, ",")+"}")) + } sort.Strings(connStrings) connStr = strings.Join(connStrings, NewLine) return connStr diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index 4143e293..f099a052 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -25,9 +25,7 @@ No Connections due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => bar/my-bar[Pod]: -ALLOWED SCTP:1-65535 the system default (Allow all) - -ALLOWED UDP:1-65535 the system default (Allow all) +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) DENIED TCP:1-1233 due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -60,8 +58,6 @@ ALLOWED TCP:9001-65535 the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => baz/my-baz[Pod]: -ALLOWED SCTP:1-65535 the system default (Allow all) - ALLOWED TCP:1-1233 the system default (Allow all) ALLOWED TCP:1234 due to the following policies//rules: @@ -71,16 +67,11 @@ ALLOWED TCP:1234 due to the following policies//rules: ALLOWED TCP:1235-65535 the system default (Allow all) -ALLOWED UDP:1-65535 the system default (Allow all) +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => foo/my-foo[Pod]: -ALLOWED SCTP:1-65535 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] foo/allow-monitoring//Ingress rule #1 - ALLOWED TCP:1-1233 due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) @@ -107,7 +98,7 @@ ALLOWED TCP:8081-65535 due to the following policies//rules: INGRESS DIRECTION (ALLOWED) 1) [NP] foo/allow-monitoring//Ingress rule #1 -ALLOWED UDP:1-65535 due to the following policies//rules: +ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] foo/allow-monitoring//Ingress rule #1 diff --git a/test_outputs/connlist/ipblockstest_explain_output.txt b/test_outputs/connlist/ipblockstest_explain_output.txt new file mode 100644 index 00000000..36480105 --- /dev/null +++ b/test_outputs/connlist/ipblockstest_explain_output.txt @@ -0,0 +1,2432 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/calico-node-tier[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/calico-node-tier[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/calico-node-tier[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/calico-node-tier[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +DENIED UDP:1-52 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +ALLOWED UDP:53 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED UDP:54-65535 due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +0.0.0.0-9.255.255.255 => default/cognetive-agents-agent[DaemonSet] +0.0.0.0-9.255.255.255 => default/cognetive-agents-analyzer[DaemonSet] +0.0.0.0-9.255.255.255 => default/cognetive-agents[DaemonSet] +0.0.0.0-9.255.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +0.0.0.0-9.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +0.0.0.0-9.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system/calico-node[DaemonSet] +0.0.0.0-9.255.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +0.0.0.0-9.255.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +0.0.0.0-9.255.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +10.0.0.0-10.255.255.255 => default/cognetive-agents-agent[DaemonSet] +10.0.0.0-10.255.255.255 => default/cognetive-agents-analyzer[DaemonSet] +10.0.0.0-10.255.255.255 => default/cognetive-agents[DaemonSet] +10.0.0.0-10.255.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +10.0.0.0-10.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +10.0.0.0-10.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system/calico-node[DaemonSet] +10.0.0.0-10.255.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +10.0.0.0-10.255.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +10.0.0.0-10.255.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +11.0.0.0-172.20.255.255 => default/cognetive-agents-agent[DaemonSet] +11.0.0.0-172.20.255.255 => default/cognetive-agents-analyzer[DaemonSet] +11.0.0.0-172.20.255.255 => default/cognetive-agents[DaemonSet] +11.0.0.0-172.20.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +11.0.0.0-172.20.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +11.0.0.0-172.20.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system/calico-node[DaemonSet] +11.0.0.0-172.20.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +172.21.0.0-172.21.255.255 => default/cognetive-agents-agent[DaemonSet] +172.21.0.0-172.21.255.255 => default/cognetive-agents-analyzer[DaemonSet] +172.21.0.0-172.21.255.255 => default/cognetive-agents[DaemonSet] +172.21.0.0-172.21.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +172.21.0.0-172.21.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +172.21.0.0-172.21.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system/calico-node[DaemonSet] +172.21.0.0-172.21.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +172.21.0.0-172.21.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +172.21.0.0-172.21.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +172.22.0.0-172.29.255.255 => default/cognetive-agents-agent[DaemonSet] +172.22.0.0-172.29.255.255 => default/cognetive-agents-analyzer[DaemonSet] +172.22.0.0-172.29.255.255 => default/cognetive-agents[DaemonSet] +172.22.0.0-172.29.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +172.22.0.0-172.29.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +172.22.0.0-172.29.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system/calico-node[DaemonSet] +172.22.0.0-172.29.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +172.30.0.0-172.30.255.255 => default/cognetive-agents-agent[DaemonSet] +172.30.0.0-172.30.255.255 => default/cognetive-agents-analyzer[DaemonSet] +172.30.0.0-172.30.255.255 => default/cognetive-agents[DaemonSet] +172.30.0.0-172.30.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +172.30.0.0-172.30.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +172.30.0.0-172.30.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system/calico-node[DaemonSet] +172.30.0.0-172.30.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +172.30.0.0-172.30.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +172.30.0.0-172.30.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +172.31.0.0-255.255.255.255 => default/cognetive-agents-agent[DaemonSet] +172.31.0.0-255.255.255.255 => default/cognetive-agents-analyzer[DaemonSet] +172.31.0.0-255.255.255.255 => default/cognetive-agents[DaemonSet] +172.31.0.0-255.255.255.255 => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +172.31.0.0-255.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +172.31.0.0-255.255.255.255 => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system/calico-node[DaemonSet] +172.31.0.0-255.255.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cognetive-agents-agent[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => default/cognetive-agents[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cognetive-agents-analyzer[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => default/cognetive-agents[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +default/cognetive-agents[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cognetive-agents[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +default/cognetive-agents[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +default/cognetive-agents[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +default/cognetive-agents[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +default/cognetive-agents[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cognetive-agents[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cognetive-agents[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +default/cognetive-agents[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => 0.0.0.0-255.255.255.255 +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => default/cognetive-agents[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/calico-node[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => 0.0.0.0-255.255.255.255 +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => default/cognetive-agents[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/calico-node[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => 0.0.0.0-255.255.255.255 +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => default/cognetive-agents[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/calico-node[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/calico-node-tier[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/calico-node[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/calico-node[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/calico-node[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/calico-node[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-keepalived-watcher[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-kube-fluentd[DaemonSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/vpn-858f6d9777[ReplicaSet] => default/cognetive-agents-agent[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cognetive-agents-analyzer[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cognetive-agents[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-kube-fluentd[DaemonSet] From 326a88e829f8ad21ad545b4e112feaac218758df Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 6 Jan 2025 16:02:13 +0200 Subject: [PATCH 07/28] Fixed lint error --- pkg/netpol/internal/common/augmented_intervalset.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index 16346ecb..e8c1bdf1 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -62,7 +62,7 @@ func MakeImplyingRulesWithRule(rule string, isIngress bool) ImplyingRulesType { } func (rules *ImplyingXgressRulesType) Equal(other *ImplyingXgressRulesType) bool { - return fmt.Sprint(rules) == fmt.Sprint(other) + return rules.String() == other.String() } func (rules *ImplyingRulesType) Equal(other *ImplyingRulesType) bool { From 929c75de031e32f257689b2fc6cd0705cf71d1dc Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 6 Jan 2025 17:06:46 +0200 Subject: [PATCH 08/28] More compact explanation printing. --- .../internal/common/augmented_intervalset.go | 4 + pkg/netpol/internal/common/connectionset.go | 40 ++- .../anp_banp_blog_demo_2_explain_output.txt | 44 +-- .../connlist/ipblockstest_explain_output.txt | 252 ++++-------------- 4 files changed, 105 insertions(+), 235 deletions(-) diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index e8c1bdf1..f313bc87 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -326,6 +326,10 @@ func (augInt AugmentedInterval) Equal(other AugmentedInterval) bool { return augInt.inSet == other.inSet && augInt.interval.Equal(other.interval) && augInt.implyingRules.Equal(&other.implyingRules) } +func (augInt AugmentedInterval) EqualInSetAndRules(other AugmentedInterval) bool { + return augInt.inSet == other.inSet && augInt.implyingRules.Equal(&other.implyingRules) +} + // AugmentedCanonicalSet is a set of int64 integers, implemented using an ordered slice of non-overlapping, non-touching intervals. // The intervals should include both included intervals and holes; // i.e., start of every interval is the end of a previous interval incremented by 1. diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 2d25be9b..9a8dba0c 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -370,6 +370,10 @@ func (p PortRangeData) Equal(other PortRangeData) bool { return p.Interval.Equal(other.Interval) } +func (p PortRangeData) EqualInSetAndRules(other PortRangeData) bool { + return p.Interval.EqualInSetAndRules(other.Interval) +} + func (p *PortRangeData) String() string { if p.isWholeRange() { return allPortsStr @@ -380,12 +384,16 @@ func (p *PortRangeData) String() string { return fmt.Sprintf("%d", p.Start()) } -func (p *PortRangeData) StringWithExplanation(protocolString string) string { +func explOfInSetProtocolPortsAndRules(inSet bool, protocolString, portsString, rulesString string) string { resultStr := allowResultStr - if !p.InSet() { + if !inSet { resultStr = denyResultStr } - return resultStr + SpaceSeparator + protocolString + ":" + p.String() + p.Interval.implyingRules.String() + return resultStr + SpaceSeparator + protocolString + ":" + "[" + portsString + "]" + rulesString +} + +func (p *PortRangeData) StringWithExplanation(protocolString string) string { + return explOfInSetProtocolPortsAndRules(p.InSet(), protocolString, p.String(), p.Interval.implyingRules.String()) } func (p *PortRangeData) InSet() bool { @@ -416,7 +424,7 @@ const ( connsAndPortRangeSeparator = "," allConnsStr = "All Connections" noConnsStr = "No Connections" - allPortsStr = "[ALL PORTS]" + allPortsStr = "ALL PORTS" ) func ConnStrFromConnProperties(allProtocolsAndPorts bool, protocolsAndPorts map[v1.Protocol][]PortRange) string { @@ -467,11 +475,31 @@ func portsString(ports []PortRange) string { return strings.Join(portsStr, connsAndPortRangeSeparator) } +type InSetAndRulesStr struct { + inSet bool + rulesString string +} + func portsStringWithExplanation(ports []PortRange, protocolString string) string { - portsStr := make([]string, 0, len(ports)) + // for compact explanation: collect together ranges with the same 'inSet' and impying rules + portRangeClasses := map[InSetAndRulesStr]*interval.CanonicalSet{} for i := range ports { - portsStr = append(portsStr, ports[i].(*PortRangeData).StringWithExplanation(protocolString)) + portRangeData := ports[i].(*PortRangeData) + thisInSetAndRulesStr := InSetAndRulesStr{portRangeData.Interval.inSet, portRangeData.Interval.implyingRules.String()} + _, ok := portRangeClasses[thisInSetAndRulesStr] + if !ok { + portRangeClasses[thisInSetAndRulesStr] = interval.NewCanonicalSet() + } + portRangeClasses[thisInSetAndRulesStr].AddInterval(portRangeData.Interval.interval) + } + portsStr := make([]string, len(portRangeClasses)) + ind := 0 + for inSetAndRulesStr, intervals := range portRangeClasses { + portsStr[ind] = explOfInSetProtocolPortsAndRules(inSetAndRulesStr.inSet, protocolString, + intervals.String(), inSetAndRulesStr.rulesString) + ind++ } + sort.Strings(portsStr) return strings.Join(portsStr, NewLine) } diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index f099a052..8b48f5a4 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -25,79 +25,57 @@ No Connections due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => bar/my-bar[Pod]: -ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) - -DENIED TCP:1-1233 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) - -ALLOWED TCP:1234 due to the following policies//rules: +ALLOWED TCP:[1234] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) -DENIED TCP:1235-8079 due to the following policies//rules: +ALLOWED TCP:[9001-65535] the system default (Allow all) + +DENIED TCP:[1-1233,1235-8079,8081-9000] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) -DENIED TCP:8080 due to the following policies//rules: +DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) -DENIED TCP:8081-9000 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) - -ALLOWED TCP:9001-65535 the system default (Allow all) +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => baz/my-baz[Pod]: -ALLOWED TCP:1-1233 the system default (Allow all) +ALLOWED TCP:[1-1233,1235-65535] the system default (Allow all) -ALLOWED TCP:1234 due to the following policies//rules: +ALLOWED TCP:[1234] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) -ALLOWED TCP:1235-65535 the system default (Allow all) - ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => foo/my-foo[Pod]: -ALLOWED TCP:1-1233 due to the following policies//rules: +ALLOWED TCP:[1-1233,1235-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] foo/allow-monitoring//Ingress rule #1 -ALLOWED TCP:1234 due to the following policies//rules: +ALLOWED TCP:[1234] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) -ALLOWED TCP:1235-8079 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] foo/allow-monitoring//Ingress rule #1 - -ALLOWED TCP:8080 due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) 2) [NP] foo/allow-monitoring//Ingress rule #1 -ALLOWED TCP:8081-65535 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] foo/allow-monitoring//Ingress rule #1 - ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) diff --git a/test_outputs/connlist/ipblockstest_explain_output.txt b/test_outputs/connlist/ipblockstest_explain_output.txt index 36480105..0947c377 100644 --- a/test_outputs/connlist/ipblockstest_explain_output.txt +++ b/test_outputs/connlist/ipblockstest_explain_output.txt @@ -1,17 +1,12 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/calico-node-tier[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -24,17 +19,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -47,17 +37,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -70,17 +55,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -93,17 +73,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -116,17 +91,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -139,17 +109,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -218,17 +183,12 @@ No Connections due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/calico-node-tier[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -241,17 +201,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -264,17 +219,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -287,17 +237,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -310,17 +255,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -333,17 +273,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -356,17 +291,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -435,17 +365,12 @@ No Connections due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/calico-node-tier[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -458,17 +383,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -481,17 +401,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -504,17 +419,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -527,17 +437,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -550,17 +455,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -573,17 +473,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -652,17 +547,12 @@ No Connections due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/calico-node-tier[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -675,17 +565,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -698,17 +583,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -721,17 +601,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -744,17 +619,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -767,17 +637,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 @@ -790,17 +655,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -DENIED UDP:1-52 due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 - -ALLOWED UDP:53 due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 -DENIED UDP:54-65535 due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 From ffe247cd711e9c2b5602538e84444848828be391 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 6 Jan 2025 17:46:04 +0200 Subject: [PATCH 09/28] Added more explainability tests. More refined explanation of protocols/ports denied by NPs --- pkg/netpol/connlist/explanation_test.go | 12 +- pkg/netpol/eval/internal/k8s/netpol.go | 16 +- .../connlist/anp_test_10_explain_output.txt | 57 + .../connlist/ipblockstest_explain_output.txt | 112 +- .../onlineboutique_explain_output.txt | 1526 +++++++++++++++++ 5 files changed, 1657 insertions(+), 66 deletions(-) create mode 100644 test_outputs/connlist/anp_test_10_explain_output.txt create mode 100644 test_outputs/connlist/onlineboutique_explain_output.txt diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index 171ac63f..6aa24547 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -48,15 +48,18 @@ var explainTests = []struct { testDirName string focusWorkload string }{ + { + testDirName: "onlineboutique", + }, + { + testDirName: "anp_test_10", + }, { testDirName: "ipblockstest", }, { testDirName: "netpol_named_port_test", }, - // { - // testDirName: "anp_test_10", - // }, { testDirName: "anp_banp_blog_demo", }, @@ -64,9 +67,6 @@ var explainTests = []struct { testDirName: "anp_banp_blog_demo_2", }, // { - // testDirName: "onlineboutique", - // }, - // { // testDirName: "acs-security-demos", // }, // { diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index a16e5c52..55c4912d 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -161,14 +161,14 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds } ruleName := np.ruleName(ruleIdx, isIngress) // all protocols are affected by the rule - res := common.MakeConnectionSetWithRule(false, ruleName, isIngress) + res := common.MakeConnectionSetWithRule(false, explNotReferencedProtocols(ruleName), isIngress) for i := range rulePorts { protocol := v1.ProtocolTCP if rulePorts[i].Protocol != nil { protocol = *rulePorts[i].Protocol } // the whole port range is affected by the rule (not only ports mentioned in the rule) - ports := common.MakeEmptyPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, isIngress)) + ports := common.MakeEmptyPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(explNotReferencedPorts(ruleName), isIngress)) if rulePorts[i].Port == nil { ports = common.MakeAllPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, isIngress)) } else { @@ -212,7 +212,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds if res.IsEmpty() { // no connections found --> "named ports" of the rule had no match in the pod config // remove empty protocols if any - res = common.MakeConnectionSetWithRule(false, explNoMatchOfNamesPortsToDst(ruleName), isIngress) + res = common.MakeConnectionSetWithRule(false, explNoMatchOfNamedPortsToDst(ruleName), isIngress) } return res, nil } @@ -419,10 +419,18 @@ func (np *NetworkPolicy) nameWithDirectionAndExpl(isIngress bool, expl string) s return fmt.Sprintf("%s//%s "+expl, np.fullName(), xgress, xgress) } -func explNoMatchOfNamesPortsToDst(ruleName string) string { +func explNoMatchOfNamedPortsToDst(ruleName string) string { return fmt.Sprintf("%s (named ports of the rule have no match in the configuration of the dst peer)", ruleName) } +func explNotReferencedPorts(ruleName string) string { + return fmt.Sprintf("%s (ports not referenced by the rule)", ruleName) +} + +func explNotReferencedProtocols(ruleName string) string { + return fmt.Sprintf("%s (protocols not referenced by the rule)", ruleName) +} + // GetXgressAllowedConns returns the set of allowed connections to a captured dst pod from the src peer (for Ingress) // or from any captured pod to the dst peer (for Egress) func (np *NetworkPolicy) GetXgressAllowedConns(src, dst Peer, isIngress bool) (*common.ConnectionSet, error) { diff --git a/test_outputs/connlist/anp_test_10_explain_output.txt b/test_outputs/connlist/anp_test_10_explain_output.txt new file mode 100644 index 00000000..1e7e6f2b --- /dev/null +++ b/test_outputs/connlist/anp_test_10_explain_output.txt @@ -0,0 +1,57 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: + +ALLOWED UDP:[53] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-udp//Egress rule allow-to-gryffindor-at-port-53 (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED UDP:[1-52,54-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-udp//Egress rule deny-to-gryffindor-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-udp//Egress rule deny-to-gryffindor-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet]: + +All Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-udp//Egress rule allow-to-ravenclaw-everything (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: + +ALLOWED UDP:[1-5352,5354-65535] the system default (Allow all) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-udp//Egress rule deny-to-slytherin-at-port-5353 (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +ALLOWED {SCTP,TCP}:[ALL PORTS] the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] +network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] diff --git a/test_outputs/connlist/ipblockstest_explain_output.txt b/test_outputs/connlist/ipblockstest_explain_output.txt index 0947c377..36ecbe2a 100644 --- a/test_outputs/connlist/ipblockstest_explain_output.txt +++ b/test_outputs/connlist/ipblockstest_explain_output.txt @@ -9,12 +9,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: @@ -27,12 +27,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: @@ -45,12 +45,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: @@ -63,12 +63,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: @@ -81,12 +81,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: @@ -99,12 +99,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: @@ -117,12 +117,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/calico-node-tier[DaemonSet]: @@ -191,12 +191,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: @@ -209,12 +209,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: @@ -227,12 +227,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: @@ -245,12 +245,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: @@ -263,12 +263,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: @@ -281,12 +281,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: @@ -299,12 +299,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/calico-node-tier[DaemonSet]: @@ -373,12 +373,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: @@ -391,12 +391,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: @@ -409,12 +409,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: @@ -427,12 +427,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: @@ -445,12 +445,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: @@ -463,12 +463,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: @@ -481,12 +481,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/calico-node-tier[DaemonSet]: @@ -555,12 +555,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: @@ -573,12 +573,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: @@ -591,12 +591,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: @@ -609,12 +609,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: @@ -627,12 +627,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: @@ -645,12 +645,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: @@ -663,12 +663,12 @@ ALLOWED UDP:[53] due to the following policies//rules: DENIED UDP:[1-52,54-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: diff --git a/test_outputs/connlist/onlineboutique_explain_output.txt b/test_outputs/connlist/onlineboutique_explain_output.txt new file mode 100644 index 00000000..2887d4a3 --- /dev/null +++ b/test_outputs/connlist/onlineboutique_explain_output.txt @@ -0,0 +1,1526 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +ALLOWED TCP:[7070] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol//Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol//Ingress rule #1 + +DENIED TCP:[1-7069,7071-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +ALLOWED TCP:[7000] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol//Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol//Ingress rule #1 + +DENIED TCP:[1-6999,7001-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol//Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +ALLOWED TCP:[50051] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol//Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice-netpol//Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +ALLOWED TCP:[3550] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol//Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol//Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +ALLOWED TCP:[50051] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol//Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol//Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #6 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Egress rule #6 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +ALLOWED TCP:[9555] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol//Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-netpol//Ingress rule #1 + +DENIED TCP:[1-9554,9556-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +ALLOWED TCP:[7070] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol//Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol//Ingress rule #2 + +DENIED TCP:[1-7069,7071-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +ALLOWED TCP:[5050] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol//Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol//Ingress rule #1 + +DENIED TCP:[1-5049,5051-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +ALLOWED TCP:[7000] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol//Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol//Ingress rule #2 + +DENIED TCP:[1-6999,7001-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +ALLOWED TCP:[3550] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol//Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol//Ingress rule #2 + +DENIED TCP:[1-3549,3551-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol//Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #6 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #6 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +ALLOWED TCP:[50051] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol//Egress rule #7 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol//Ingress rule #2 + +DENIED TCP:[1-50050,50052-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #7 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Egress rule #7 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator-netpol//Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +ALLOWED TCP:[3550] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol//Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol//Ingress rule #3 + +DENIED TCP:[1-3549,3551-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress rule #3 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress rule #3 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +0.0.0.0-255.255.255.255 => default/redis-cart-78746d49dc[ReplicaSet] +default/redis-cart-78746d49dc[ReplicaSet] => 0.0.0.0-255.255.255.255 From 520ef120923bbfd5fd186dc14b01993a572a7d71 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 7 Jan 2025 11:27:15 +0200 Subject: [PATCH 10/28] Added more explainability tests. Sorting the order of NPs in explainability output --- pkg/netpol/connlist/explanation_test.go | 10 +- pkg/netpol/eval/check.go | 6 + pkg/netpol/eval/internal/k8s/netpol.go | 10 +- .../acs-security-demos_explain_output.txt | 2597 +++++++++++++++++ 4 files changed, 2611 insertions(+), 12 deletions(-) create mode 100644 test_outputs/connlist/acs-security-demos_explain_output.txt diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index 6aa24547..d065f638 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -48,6 +48,9 @@ var explainTests = []struct { testDirName string focusWorkload string }{ + { + testDirName: "acs-security-demos", + }, { testDirName: "onlineboutique", }, @@ -66,11 +69,4 @@ var explainTests = []struct { { testDirName: "anp_banp_blog_demo_2", }, - // { - // testDirName: "acs-security-demos", - // }, - // { - // testDirName: "acs-security-demos", - // focusWorkload: "ingress-controller", - // }, } diff --git a/pkg/netpol/eval/check.go b/pkg/netpol/eval/check.go index a98654f8..c7fe392f 100644 --- a/pkg/netpol/eval/check.go +++ b/pkg/netpol/eval/check.go @@ -9,6 +9,7 @@ package eval import ( "errors" "net" + "sort" "strings" netv1 "k8s.io/api/networking/v1" @@ -103,6 +104,11 @@ func (pe *PolicyEngine) getPoliciesSelectingPod(peer k8s.Peer, direction netv1.P if pe.exposureAnalysisFlag && len(res) > 0 { p.UpdatePodXgressProtectedFlag(direction == netv1.PolicyTypeIngress) } + if pe.explain && len(res) > 0 { + sort.Slice(res, func(i, j int) bool { + return res[i].FullName() < res[j].FullName() + }) + } return res, nil } diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index 55c4912d..1e77d7fa 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -416,7 +416,7 @@ func (np *NetworkPolicy) nameWithDirectionAndExpl(isIngress bool, expl string) s if isIngress { xgress = "Ingress" } - return fmt.Sprintf("%s//%s "+expl, np.fullName(), xgress, xgress) + return fmt.Sprintf("%s//%s "+expl, np.FullName(), xgress, xgress) } func explNoMatchOfNamedPortsToDst(ruleName string) string { @@ -474,11 +474,11 @@ func (np *NetworkPolicy) GetXgressAllowedConns(src, dst Peer, isIngress bool) (* } func (np *NetworkPolicy) netpolWarning(description string) string { - return fmt.Sprintf("network policy %q: %s", np.fullName(), description) + return fmt.Sprintf("network policy %q: %s", np.FullName(), description) } func (np *NetworkPolicy) netpolErr(title, description string) error { - return fmt.Errorf("network policy %s %s: %s", np.fullName(), title, description) + return fmt.Errorf("network policy %s %s: %s", np.FullName(), title, description) } func (np *NetworkPolicy) parseNetpolCIDR(cidr string, except []string) (*netset.IPBlock, error) { @@ -579,7 +579,7 @@ func (np *NetworkPolicy) Selects(p *Pod, direction netv1.PolicyType) (bool, erro return selector.Matches(labels.Set(p.Labels)), nil } -func (np *NetworkPolicy) fullName() string { +func (np *NetworkPolicy) FullName() string { return "[NP] " + types.NamespacedName{Name: np.Name, Namespace: np.Namespace}.String() } @@ -588,7 +588,7 @@ func (np *NetworkPolicy) ruleName(ruleIdx int, isIngress bool) string { if isIngress { xgress = ingressName } - return fmt.Sprintf("%s//%s rule #%d", np.fullName(), xgress, ruleIdx+1) + return fmt.Sprintf("%s//%s rule #%d", np.FullName(), xgress, ruleIdx+1) } func (np *NetworkPolicy) LogWarnings(l logger.Logger) { diff --git a/test_outputs/connlist/acs-security-demos_explain_output.txt b/test_outputs/connlist/acs-security-demos_explain_output.txt new file mode 100644 index 00000000..1e9c26ea --- /dev/null +++ b/test_outputs/connlist/acs-security-demos_explain_output.txt @@ -0,0 +1,2597 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/catalog[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/checkout[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/notification[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/recommendation[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/reports[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/shipping[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/asset-cache[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/webapp[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/gateway[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/visa-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress (captured but not selected by any Egress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/catalog[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/notification[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/notification-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/recommendation[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/reports[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/shipping[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/gateway[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/mastercard-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/visa-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Egress rule #4 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/catalog[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/catalog-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/checkout[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/notification[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/reports[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/shipping[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/gateway[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/mastercard-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/visa-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Egress rule #2 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/catalog[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/catalog-netpol//Ingress rule #2 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress rule #2 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress rule #2 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress rule #2 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/checkout[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/notification[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/recommendation[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Ingress rule #2 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #2 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #2 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #2 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => backend/shipping[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => payments/gateway[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => payments/mastercard-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => payments/visa-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/catalog[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/checkout[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/notification[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/recommendation[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/recommendation-netpol//Ingress rule #3 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #3 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #3 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #3 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress rule #3 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/reports[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/reports-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/shipping[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/shipping-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/gateway[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/mastercard-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/visa-processor[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/catalog[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/checkout[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/notification[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/recommendation[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/reports[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/shipping[Deployment]: + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => payments/mastercard-processor[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] payments/mastercard-processor-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => payments/visa-processor[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] payments/visa-processor-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] payments/gateway-netpol//Egress rule #3 + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/gateway-netpol//Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/asset-cache[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/webapp[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => frontend/asset-cache[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] frontend/asset-cache//service asset-cache-service + 2) [NP] frontend/asset-cache-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => frontend/webapp[Deployment]: + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] frontend/webapp//service webapp-service + 2) [NP] frontend/webapp-netpol//Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + From 409629a3320b79a9f4632828245c5d1f2255223e Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 7 Jan 2025 13:56:55 +0200 Subject: [PATCH 11/28] Added a comment --- pkg/netpol/eval/check.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/netpol/eval/check.go b/pkg/netpol/eval/check.go index c7fe392f..21afe84f 100644 --- a/pkg/netpol/eval/check.go +++ b/pkg/netpol/eval/check.go @@ -301,6 +301,7 @@ func (pe *PolicyEngine) allAllowedXgressConnections(src, dst k8s.Peer, isIngress } // optimization: if all the conns between src and dst were determined by the ANPs : return the allowed conns if anpCaptured && anpConns.DeterminesAllConns() { + // since NPs/BANPs are not relevant here, perform the subtract below anpConns.AllowedConns.Subtract(anpConns.DeniedConns) // update explainabiliy data return anpConns.AllowedConns, nil } From 48ceb56d55d9054e624f883ca7f1b7f91c0d2c45 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 7 Jan 2025 15:08:00 +0200 Subject: [PATCH 12/28] Sorting together explanations for specific ports and for all ports in a protocol --- pkg/netpol/internal/common/connectionset.go | 6 +++--- .../connlist/anp_banp_blog_demo_2_explain_output.txt | 4 ++-- test_outputs/connlist/anp_test_10_explain_output.txt | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 9a8dba0c..2dcf68ef 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -480,7 +480,7 @@ type InSetAndRulesStr struct { rulesString string } -func portsStringWithExplanation(ports []PortRange, protocolString string) string { +func portsStringWithExplanation(ports []PortRange, protocolString string) []string { // for compact explanation: collect together ranges with the same 'inSet' and impying rules portRangeClasses := map[InSetAndRulesStr]*interval.CanonicalSet{} for i := range ports { @@ -500,7 +500,7 @@ func portsStringWithExplanation(ports []PortRange, protocolString string) string ind++ } sort.Strings(portsStr) - return strings.Join(portsStr, NewLine) + return portsStr } func protocolAndPortsStr(protocol v1.Protocol, ports string) string { @@ -537,7 +537,7 @@ func ExplanationFromConnProperties(allProtocolsAndPorts bool, commonImplyingRule continue } } - connStrings = append(connStrings, portsStringWithExplanation(ports, string(protocol))) + connStrings = append(connStrings, portsStringWithExplanation(ports, string(protocol))...) } if len(wholeRangeProtocols) > 0 { sort.Strings(wholeRangeProtocols) diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index 8b48f5a4..df3a5b0c 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -32,6 +32,8 @@ ALLOWED TCP:[1234] due to the following policies//rules: ALLOWED TCP:[9001-65535] the system default (Allow all) +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + DENIED TCP:[1-1233,1235-8079,8081-9000] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) @@ -43,8 +45,6 @@ DENIED TCP:[8080] due to the following policies//rules: 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) -ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => baz/my-baz[Pod]: diff --git a/test_outputs/connlist/anp_test_10_explain_output.txt b/test_outputs/connlist/anp_test_10_explain_output.txt index 1e7e6f2b..663587a2 100644 --- a/test_outputs/connlist/anp_test_10_explain_output.txt +++ b/test_outputs/connlist/anp_test_10_explain_output.txt @@ -29,13 +29,13 @@ CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[Statefu ALLOWED UDP:[1-5352,5354-65535] the system default (Allow all) +ALLOWED {SCTP,TCP}:[ALL PORTS] the system default (Allow all) + DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [ANP] egress-udp//Egress rule deny-to-slytherin-at-port-5353 (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -ALLOWED {SCTP,TCP}:[ALL PORTS] the system default (Allow all) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): 0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] From 4686e3ea45de08301626cfef2587c7811df29759 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 7 Jan 2025 15:27:51 +0200 Subject: [PATCH 13/28] Added more tests --- pkg/netpol/connlist/explanation_test.go | 9 ++++ ...networks_and_nodes_test_explain_output.txt | 54 +++++++++++++++++++ ...with_named_port_matched_explain_output.txt | 35 ++++++++++++ ...th_named_port_unmatched_explain_output.txt | 24 +++++++++ 4 files changed, 122 insertions(+) create mode 100644 test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt create mode 100644 test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt create mode 100644 test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index d065f638..a890794f 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -69,4 +69,13 @@ var explainTests = []struct { { testDirName: "anp_banp_blog_demo_2", }, + { + testDirName: "anp_and_banp_using_networks_and_nodes_test", + }, + { + testDirName: "anp_banp_test_with_named_port_matched", + }, + { + testDirName: "anp_banp_test_with_named_port_unmatched", + }, } diff --git a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt new file mode 100644 index 00000000..127ae912 --- /dev/null +++ b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt @@ -0,0 +1,54 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.160-104.154.164.160: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-peer-1//Egress rule deny-egress (Deny) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.170-104.154.164.170: + +All Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-peer-1//Egress rule allow-egress (Allow) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns2/pod1[Deployment]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-peer-1//Egress rule deny-egress (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns3/pod1[Deployment]: + +All Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-peer-1//Egress rule allow-egress (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +0.0.0.0-255.255.255.255 => ns1/pod1[Deployment] +0.0.0.0-255.255.255.255 => ns2/pod1[Deployment] +0.0.0.0-255.255.255.255 => ns3/pod1[Deployment] +ns1/pod1[Deployment] => 0.0.0.0-104.154.164.159 +ns1/pod1[Deployment] => 104.154.164.161-104.154.164.169 +ns1/pod1[Deployment] => 104.154.164.171-255.255.255.255 +ns2/pod1[Deployment] => 0.0.0.0-104.154.164.159 +ns2/pod1[Deployment] => 104.154.164.160-104.154.164.160 +ns2/pod1[Deployment] => 104.154.164.161-104.154.164.169 +ns2/pod1[Deployment] => 104.154.164.170-104.154.164.170 +ns2/pod1[Deployment] => 104.154.164.171-255.255.255.255 +ns2/pod1[Deployment] => ns1/pod1[Deployment] +ns2/pod1[Deployment] => ns3/pod1[Deployment] +ns3/pod1[Deployment] => 0.0.0.0-104.154.164.159 +ns3/pod1[Deployment] => 104.154.164.160-104.154.164.160 +ns3/pod1[Deployment] => 104.154.164.161-104.154.164.169 +ns3/pod1[Deployment] => 104.154.164.170-104.154.164.170 +ns3/pod1[Deployment] => 104.154.164.171-255.255.255.255 +ns3/pod1[Deployment] => ns1/pod1[Deployment] +ns3/pod1[Deployment] => ns2/pod1[Deployment] diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt new file mode 100644 index 00000000..376e591a --- /dev/null +++ b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt @@ -0,0 +1,35 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] pass-example//Egress rule pass-all-egress-to-slytherin (Pass) + 2) [BANP] default//Egress rule deny-all-egress-to-slytherin (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: + +ALLOWED TCP:[80] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-example//Ingress rule allow-ingress-from-slytherin-on-named-port (Allow) + +DENIED TCP:[1-79,81-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-example//Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [BANP] default//Ingress rule deny-all-ingress-from-slytherin (Deny) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-example//Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [BANP] default//Ingress rule deny-all-ingress-from-slytherin (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt new file mode 100644 index 00000000..cbb02942 --- /dev/null +++ b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt @@ -0,0 +1,24 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] pass-example//Egress rule pass-all-egress-to-slytherin (Pass) + 2) [BANP] default//Egress rule deny-all-egress-to-slytherin (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-example//Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [BANP] default//Ingress rule deny-all-ingress-from-slytherin (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] +0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] +network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 +network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => 0.0.0.0-255.255.255.255 From 710077a3a13c9a6870458d31b4fbdf8dba929d24 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 13 Jan 2025 18:07:19 +0200 Subject: [PATCH 14/28] Added more delicate collect/override implying rules mechanism (considering also rules layer) Added new explaination test. --- pkg/netpol/connlist/connlist.go | 2 +- pkg/netpol/connlist/explanation_test.go | 3 + .../ingressanalyzer/ingress_analyzer.go | 2 +- pkg/netpol/eval/check.go | 8 +- pkg/netpol/eval/internal/k8s/adminnetpol.go | 19 +- pkg/netpol/eval/internal/k8s/netpol.go | 18 +- pkg/netpol/eval/internal/k8s/pod.go | 2 +- .../eval/internal/k8s/policy_connections.go | 9 +- .../internal/common/augmented_intervalset.go | 185 +++++++------- pkg/netpol/internal/common/connectionset.go | 12 +- pkg/netpol/internal/common/portset.go | 8 +- .../connlist/anp_demo_explain_output.txt | 225 ++++++++++++++++++ 12 files changed, 366 insertions(+), 127 deletions(-) create mode 100644 test_outputs/connlist/anp_demo_explain_output.txt diff --git a/pkg/netpol/connlist/connlist.go b/pkg/netpol/connlist/connlist.go index 2c601b96..14f0219b 100644 --- a/pkg/netpol/connlist/connlist.go +++ b/pkg/netpol/connlist/connlist.go @@ -365,7 +365,7 @@ func GetConnectionSetFromP2PConnection(c Peer2PeerConnection) *common.Connection for _, p := range portRangeArr { augmentedRange := p.(*common.PortRangeData) // we cannot fill explainability data here, so we pass an empty rule name and an arbitrary direction (isIngress being true) - protocolsToPortSetMap[protocol].AddPortRange(augmentedRange.Start(), augmentedRange.End(), augmentedRange.InSet(), "", true) + protocolsToPortSetMap[protocol].AddPortRange(augmentedRange.Start(), augmentedRange.End(), augmentedRange.InSet(), "", common.DefaultLayer, true) } } connectionSet := &common.ConnectionSet{AllowAll: c.AllProtocolsAndPorts(), AllowedProtocols: protocolsToPortSetMap} diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index a890794f..9565e751 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -48,6 +48,9 @@ var explainTests = []struct { testDirName string focusWorkload string }{ + { + testDirName: "anp_demo", + }, { testDirName: "acs-security-demos", }, diff --git a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go index c6c488b2..e2557181 100644 --- a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go +++ b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go @@ -376,7 +376,7 @@ func (ia *IngressAnalyzer) getIngressPeerConnection(peer eval.Peer, actualServic if peerTCPConn.Contains(strconv.Itoa(portNum), string(corev1.ProtocolTCP)) { permittedPort := common.MakePortSet(false) - permittedPort.AddPort(intstr.FromInt(portNum), common.MakeImplyingRulesWithRule(ruleName, true)) + permittedPort.AddPort(intstr.FromInt(portNum), common.MakeImplyingRulesWithRule(ruleName, common.NPLayer, true)) res.AddConnection(corev1.ProtocolTCP, permittedPort) } } diff --git a/pkg/netpol/eval/check.go b/pkg/netpol/eval/check.go index 21afe84f..2b2feabd 100644 --- a/pkg/netpol/eval/check.go +++ b/pkg/netpol/eval/check.go @@ -253,8 +253,8 @@ func (pe *PolicyEngine) allAllowedConnectionsBetweenPeers(srcPeer, dstPeer Peer) // cases where any connection is always allowed if isPodToItself(srcK8sPeer, dstK8sPeer) || isPeerNodeIP(srcK8sPeer, dstK8sPeer) || isPeerNodeIP(dstK8sPeer, srcK8sPeer) { res = common.MakeConnectionSet(true) - res.AddCommonImplyingRule(common.PodToItselfRule, true) - res.AddCommonImplyingRule(common.PodToItselfRule, false) + res.AddCommonImplyingRule(common.PodToItselfRule, common.DefaultLayer, true) + res.AddCommonImplyingRule(common.PodToItselfRule, common.DefaultLayer, false) return res, nil } // egress: get egress allowed connections between the src and dst by @@ -552,9 +552,9 @@ func (pe *PolicyEngine) getXgressDefaultConns(src, dst k8s.Peer, isIngress bool) // if banp rule captured xgress conn, only DeniedConns should be impacted by banp rule, // whenever AllowedConns should anyway be system-default: allow-all (or assumed allow-all for IP-blocks) if (isIngress && dst.PeerType() == k8s.IPBlockType) || (!isIngress && src.PeerType() == k8s.IPBlockType) { - res.AllowedConns = common.MakeConnectionSetWithRule(true, common.IPDefaultRule, isIngress) + res.AllowedConns = common.MakeConnectionSetWithRule(true, common.IPDefaultRule, common.DefaultLayer, isIngress) } else { - res.AllowedConns = common.MakeConnectionSetWithRule(true, common.SystemDefaultRule, isIngress) + res.AllowedConns = common.MakeConnectionSetWithRule(true, common.SystemDefaultRule, common.DefaultLayer, isIngress) } return res, nil } diff --git a/pkg/netpol/eval/internal/k8s/adminnetpol.go b/pkg/netpol/eval/internal/k8s/adminnetpol.go index b4623f2b..f8526c85 100644 --- a/pkg/netpol/eval/internal/k8s/adminnetpol.go +++ b/pkg/netpol/eval/internal/k8s/adminnetpol.go @@ -386,7 +386,7 @@ func updateConnsIfIngressRuleSelectsPeer(rulePeers []apisv1a.AdminNetworkPolicyI func updatePolicyConns(rulePorts *[]apisv1a.AdminNetworkPolicyPort, ruleName string, policyConns *PolicyConnections, dst Peer, action string, isBANPrule, isIngress bool) error { // get rule connections from rulePorts - ruleConns, err := ruleConnections(rulePorts, ruleName, dst, isIngress) + ruleConns, err := ruleConnections(rulePorts, ruleName, isBANPrule, dst, isIngress) if err != nil { return err } @@ -396,9 +396,16 @@ func updatePolicyConns(rulePorts *[]apisv1a.AdminNetworkPolicyPort, ruleName str } // ruleConnections returns the connectionSet from the current rule.Ports -func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, ruleName string, dst Peer, isIngress bool) (*common.ConnectionSet, error) { +func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, ruleName string, + isBANPrule bool, dst Peer, isIngress bool) (*common.ConnectionSet, error) { + var layer common.LayerType + if isBANPrule { + layer = common.BANPLayer + } else { + layer = common.ANPLayer + } if ports == nil { // If Ports is not set then the rule does not filter traffic via port. - return common.MakeConnectionSetWithRule(true, ruleName, isIngress), nil + return common.MakeConnectionSetWithRule(true, ruleName, layer, isIngress), nil } res := common.MakeConnectionSet(false) for _, anpPort := range *ports { @@ -412,7 +419,7 @@ func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, ruleName string, d if anpPort.PortNumber.Protocol != "" { protocol = anpPort.PortNumber.Protocol } - portSet.AddPort(intstr.FromInt32(anpPort.PortNumber.Port), common.MakeImplyingRulesWithRule(ruleName, isIngress)) + portSet.AddPort(intstr.FromInt32(anpPort.PortNumber.Port), common.MakeImplyingRulesWithRule(ruleName, layer, isIngress)) case anpPort.NamedPort != nil: if dst.PeerType() == IPBlockType { // IPblock does not have named-ports defined, warn and continue @@ -427,7 +434,7 @@ func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, ruleName string, d if podProtocol != "" { protocol = v1.Protocol(podProtocol) } - portSet.AddPort(intstr.FromInt32(podPort), common.MakeImplyingRulesWithRule(ruleName, isIngress)) + portSet.AddPort(intstr.FromInt32(podPort), common.MakeImplyingRulesWithRule(ruleName, layer, isIngress)) case anpPort.PortRange != nil: if anpPort.PortRange.Protocol != "" { protocol = anpPort.PortRange.Protocol @@ -436,7 +443,7 @@ func ruleConnections(ports *[]apisv1a.AdminNetworkPolicyPort, ruleName string, d // illegal: rule with empty range; (start/ end not in the legal range or end < start) return nil, errors.New(alerts.IllegalPortRangeError(int64(anpPort.PortRange.Start), int64(anpPort.PortRange.End))) } - portSet.AddPortRange(int64(anpPort.PortRange.Start), int64(anpPort.PortRange.End), true, ruleName, isIngress) + portSet.AddPortRange(int64(anpPort.PortRange.Start), int64(anpPort.PortRange.End), true, ruleName, layer, isIngress) } res.AddConnection(protocol, portSet) } diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index 1e77d7fa..14888deb 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -157,20 +157,20 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds if len(rulePorts) == 0 { // If this field is empty or missing, this rule matches all ports // (traffic not restricted by port) - return common.MakeConnectionSetWithRule(true, np.ruleName(ruleIdx, isIngress), isIngress), nil + return common.MakeConnectionSetWithRule(true, np.ruleName(ruleIdx, isIngress), common.NPLayer, isIngress), nil } ruleName := np.ruleName(ruleIdx, isIngress) // all protocols are affected by the rule - res := common.MakeConnectionSetWithRule(false, explNotReferencedProtocols(ruleName), isIngress) + res := common.MakeConnectionSetWithRule(false, explNotReferencedProtocols(ruleName), common.NPLayer, isIngress) for i := range rulePorts { protocol := v1.ProtocolTCP if rulePorts[i].Protocol != nil { protocol = *rulePorts[i].Protocol } // the whole port range is affected by the rule (not only ports mentioned in the rule) - ports := common.MakeEmptyPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(explNotReferencedPorts(ruleName), isIngress)) + ports := common.MakeEmptyPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(explNotReferencedPorts(ruleName), common.NPLayer, isIngress)) if rulePorts[i].Port == nil { - ports = common.MakeAllPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, isIngress)) + ports = common.MakeAllPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, common.NPLayer, isIngress)) } else { startPort, endPort, portName, err := np.getPortsRange(rulePorts[i], dst) if err != nil { @@ -194,7 +194,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds // 4- in order to get a connection from any pod to an ip dst (will not get here, as named ports are not defined for ip-blocks) if dst == nil || isPeerRepresentative(dst) { // (1 & 2) // adding portName string to the portSet - ports.AddPort(intstr.FromString(portName), common.MakeImplyingRulesWithRule(ruleName, isIngress)) + ports.AddPort(intstr.FromString(portName), common.MakeImplyingRulesWithRule(ruleName, common.NPLayer, isIngress)) } else { // dst is a real pod (3) // add a warning that the "named port" of the rule is ignored, since it has no match in the pod config. np.saveNetpolWarning(np.netpolWarning(alerts.WarnUnmatchedNamedPort(portName, dst.String()))) @@ -204,7 +204,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds } } else { // if !isEmptyPortRange(startPort, endPort) (the other valid result) - ports.AddPortRange(startPort, endPort, true, ruleName, isIngress) + ports.AddPortRange(startPort, endPort, true, ruleName, common.NPLayer, isIngress) } } res.AddConnection(protocol, ports) @@ -212,7 +212,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds if res.IsEmpty() { // no connections found --> "named ports" of the rule had no match in the pod config // remove empty protocols if any - res = common.MakeConnectionSetWithRule(false, explNoMatchOfNamedPortsToDst(ruleName), isIngress) + res = common.MakeConnectionSetWithRule(false, explNoMatchOfNamedPortsToDst(ruleName), common.NPLayer, isIngress) } return res, nil } @@ -436,7 +436,7 @@ func explNotReferencedProtocols(ruleName string) string { func (np *NetworkPolicy) GetXgressAllowedConns(src, dst Peer, isIngress bool) (*common.ConnectionSet, error) { res := common.MakeConnectionSet(false) if (isIngress && len(np.Spec.Ingress) == 0) || (!isIngress && len(np.Spec.Egress) == 0) { - res.AddCommonImplyingRule(np.nameWithDirectionAndExpl(isIngress, NoXgressRulesExpl), isIngress) + res.AddCommonImplyingRule(np.nameWithDirectionAndExpl(isIngress, NoXgressRulesExpl), common.NPLayer, isIngress) return res, nil } peerSelectedByAnyRule := false @@ -468,7 +468,7 @@ func (np *NetworkPolicy) GetXgressAllowedConns(src, dst Peer, isIngress bool) (* } } if !peerSelectedByAnyRule { - res.AddCommonImplyingRule(np.nameWithDirectionAndExpl(isIngress, CapturedButNotSelectedExpl), isIngress) + res.AddCommonImplyingRule(np.nameWithDirectionAndExpl(isIngress, CapturedButNotSelectedExpl), common.NPLayer, isIngress) } return res, nil } diff --git a/pkg/netpol/eval/internal/k8s/pod.go b/pkg/netpol/eval/internal/k8s/pod.go index f02ea3ac..344ffee2 100644 --- a/pkg/netpol/eval/internal/k8s/pod.go +++ b/pkg/netpol/eval/internal/k8s/pod.go @@ -270,7 +270,7 @@ func (pod *Pod) PodExposedTCPConnections() *common.ConnectionSet { protocol := corev1.ProtocolTCP if cPort.Protocol == "" || protocol == corev1.ProtocolTCP { ports := common.MakePortSet(false) - ports.AddPortRange(int64(cPort.ContainerPort), int64(cPort.ContainerPort), true, "", true) + ports.AddPortRange(int64(cPort.ContainerPort), int64(cPort.ContainerPort), true, "", common.DefaultLayer, true) res.AddConnection(protocol, ports) } } diff --git a/pkg/netpol/eval/internal/k8s/policy_connections.go b/pkg/netpol/eval/internal/k8s/policy_connections.go index edf449c0..1d7f7647 100644 --- a/pkg/netpol/eval/internal/k8s/policy_connections.go +++ b/pkg/netpol/eval/internal/k8s/policy_connections.go @@ -90,9 +90,12 @@ func (pc *PolicyConnections) CollectANPConns(newAdminPolicyConns *PolicyConnecti // ComplementPassConns complements pass connections to all connections (by adding the absent conections) func (pc *PolicyConnections) ComplementPassConns() { - defaultPassConn := NewPolicyConnections() - defaultPassConn.PassConns = common.MakeConnectionSet(true) - pc.CollectANPConns(defaultPassConn) + defaultPassConn := common.MakeConnectionSet(true) + defaultPassConn.Subtract(pc.AllowedConns) + defaultPassConn.Subtract(pc.DeniedConns) + // 'GetEquivalentCanonicalConnectionSet' below removes implying rules + // (we don't collect implying rules for default pass connections) + pc.PassConns.Union(defaultPassConn.GetEquivalentCanonicalConnectionSet(), false) } // CollectAllowedConnsFromNetpols updates allowed conns of current PolicyConnections object with allowed connections from diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index f313bc87..946d2672 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -16,6 +16,15 @@ import ( "github.com/np-guard/models/pkg/interval" ) +type LayerType int + +const ( + DefaultLayer = iota + BANPLayer + NPLayer + ANPLayer +) + type ExplResultType int const ( @@ -26,7 +35,10 @@ const ( type ImplyingXgressRulesType struct { Rules map[string]int - // Result will keep the final connectivity decision which follows from the above rules + // DominantLayer keeps the highest priority layer among the current rules; + // used in combination with collectRulesType flag (on 'DontCollect' value) in updateImplyingRules + DominantLayer LayerType + // Result keeps the final connectivity decision which follows from the above rules // (allow, deny or not set) // It is used for specifying explainability decision per direction (Egress/Ingress) Result ExplResultType @@ -38,12 +50,12 @@ type ImplyingRulesType struct { } func InitImplyingXgressRules() ImplyingXgressRulesType { - return ImplyingXgressRulesType{Rules: map[string]int{}, Result: NoResult} + return ImplyingXgressRulesType{Rules: map[string]int{}, DominantLayer: DefaultLayer, Result: NoResult} } -func MakeImplyingXgressRulesWithRule(rule string) ImplyingXgressRulesType { +func MakeImplyingXgressRulesWithRule(rule string, layer LayerType) ImplyingXgressRulesType { res := InitImplyingXgressRules() - res.AddXgressRule(rule) + res.AddXgressRule(rule, layer) return res } @@ -51,12 +63,12 @@ func InitImplyingRules() ImplyingRulesType { return ImplyingRulesType{Ingress: InitImplyingXgressRules(), Egress: InitImplyingXgressRules()} } -func MakeImplyingRulesWithRule(rule string, isIngress bool) ImplyingRulesType { +func MakeImplyingRulesWithRule(rule string, layer LayerType, isIngress bool) ImplyingRulesType { res := InitImplyingRules() if isIngress { - res.Ingress = MakeImplyingXgressRulesWithRule(rule) + res.Ingress = MakeImplyingXgressRulesWithRule(rule, layer) } else { - res.Egress = MakeImplyingXgressRulesWithRule(rule) + res.Egress = MakeImplyingXgressRulesWithRule(rule, layer) } return res } @@ -73,7 +85,7 @@ func (rules *ImplyingXgressRulesType) Copy() ImplyingXgressRulesType { if rules == nil { return InitImplyingXgressRules() } - res := ImplyingXgressRulesType{Rules: map[string]int{}, Result: rules.Result} + res := ImplyingXgressRulesType{Rules: map[string]int{}, DominantLayer: rules.DominantLayer, Result: rules.Result} for k, v := range rules.Rules { res.Rules[k] = v } @@ -107,15 +119,7 @@ const ( ) func (rules *ImplyingXgressRulesType) onlyDefaultRule() bool { - if len(rules.Rules) == 1 { - if _, ok := rules.Rules[SystemDefaultRule]; ok { - return true - } - if _, ok := rules.Rules[IPDefaultRule]; ok { - return true - } - } - return false + return len(rules.Rules) == 1 && rules.DominantLayer == DefaultLayer } func formattedExpl(expl string) string { @@ -190,19 +194,20 @@ func (rules ImplyingRulesType) Empty(isIngress bool) bool { return rules.Egress.Empty() } -func (rules *ImplyingXgressRulesType) AddXgressRule(ruleName string) { +func (rules *ImplyingXgressRulesType) AddXgressRule(ruleName string, ruleLayer LayerType) { if ruleName != "" { if _, ok := rules.Rules[ruleName]; !ok { rules.Rules[ruleName] = len(rules.Rules) // a new rule should be the last } + rules.DominantLayer = max(rules.DominantLayer, ruleLayer) } } -func (rules *ImplyingRulesType) AddRule(ruleName string, isIngress bool) { +func (rules *ImplyingRulesType) AddRule(ruleName string, ruleLayer LayerType, isIngress bool) { if isIngress { - rules.Ingress.AddXgressRule(ruleName) + rules.Ingress.AddXgressRule(ruleName, ruleLayer) } else { - rules.Egress.AddXgressRule(ruleName) + rules.Egress.AddXgressRule(ruleName, ruleLayer) } } @@ -225,10 +230,18 @@ func (rules *ImplyingRulesType) SetResult(isAllowed, isIngress bool) { } } +// Union collects others' implying rules into the current ones if 'collectRules' flag if true; +// otherwise, it keeps the current rules or overrides them by others', depending on DominantLayer (or when empty). +// The DominantLayer special case is used in order to preserve higher-priority rules. func (rules *ImplyingXgressRulesType) Union(other ImplyingXgressRulesType, collectRules bool) { + if other.Empty() { + return + } if !collectRules { - if rules.Empty() { + if rules.Empty() || rules.DominantLayer < other.DominantLayer { + // current rules are empty or lower priority --> override by other *rules = other.Copy() + rules.DominantLayer = other.DominantLayer } return } @@ -246,6 +259,7 @@ func (rules *ImplyingXgressRulesType) Union(other ImplyingXgressRulesType, colle rules.Rules[name] = order + offset // other rules should be addded after the current rules } } + rules.DominantLayer = max(rules.DominantLayer, other.DominantLayer) // update Result if set if other.Result != NoResult { rules.SetXgressResult(other.Result == AllowResult) @@ -254,7 +268,7 @@ func (rules *ImplyingXgressRulesType) Union(other ImplyingXgressRulesType, colle func (rules *ImplyingXgressRulesType) mayBeUpdatedBy(other ImplyingXgressRulesType, collectRules bool) bool { if !collectRules { - return rules.Empty() && !other.Empty() + return (rules.Empty() && !other.Empty()) || rules.DominantLayer < other.DominantLayer } for name := range other.Rules { if _, ok := rules.Rules[name]; !ok { @@ -269,30 +283,16 @@ func (rules *ImplyingRulesType) Union(other ImplyingRulesType, collectRules bool rules.Egress.Union(other.Egress, collectRules) } -func (rules *ImplyingRulesType) onlyIngressDirection() bool { - return !rules.Ingress.Empty() && rules.Egress.Empty() -} - -func (rules *ImplyingRulesType) onlyEgressDirection() bool { - return rules.Ingress.Empty() && !rules.Egress.Empty() -} - -// OverrideUnlessOppositeDirections checks whether rules and other contain only rules of opposite directions -// (one of them only Ingress and another only Egress). -// This happens when performing intersection between ingress and egress connections. -// In this case the function preserves implying rules of both directions (for detailed explainability report). -// If this is not the case of 'opposite durections' scenario, the function overrides current implying rules by others'. -func (rules *ImplyingRulesType) OverrideUnlessOppositeDirections(other ImplyingRulesType) { - switch { - case rules.onlyIngressDirection() && other.onlyEgressDirection(): - // opposite directions (Ingress in rules and Egress in other) -> keep Ingress, copy Egress - rules.Egress = other.Egress.Copy() - case rules.onlyEgressDirection() && other.onlyIngressDirection(): - // opposite directions (Egress in rules and Ingress in other) -> keep Egress, copy Ingress - rules.Ingress = other.Ingress.Copy() - default: - // this is not the case of opposite directions -> override everything +// OverrideOrCollectOtherwise overrides current implying rules by others' if 'overrideRules' flag if true; +// otherwise, it collects others' implying rules into the current ones. +// It is used when updating implying rules (updateImplyingRules()) while adding a new interval (AddAugmentedInterval()), +// in the case that 'inSet' changes. +// A special case of collect is used when AddAugmentedInterval() is called with AlwaysCollect flag from Intersect(). +func (rules *ImplyingRulesType) OverrideOrCollectOtherwise(other ImplyingRulesType, overrideRules bool) { + if overrideRules { *rules = other.Copy() + } else { + rules.Union(other, true) } } @@ -314,8 +314,8 @@ func NewAugmentedInterval(start, end int64, inSet bool) AugmentedInterval { return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: InitImplyingRules()} } -func NewAugmentedIntervalWithRule(start, end int64, inSet bool, rule string, isIngress bool) AugmentedInterval { - return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: MakeImplyingRulesWithRule(rule, isIngress)} +func NewAugmentedIntervalWithRule(start, end int64, inSet bool, rule string, layer LayerType, isIngress bool) AugmentedInterval { + return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: MakeImplyingRulesWithRule(rule, layer, isIngress)} } func NewAugmentedIntervalWithRules(start, end int64, inSet bool, rules ImplyingRulesType) AugmentedInterval { @@ -326,10 +326,6 @@ func (augInt AugmentedInterval) Equal(other AugmentedInterval) bool { return augInt.inSet == other.inSet && augInt.interval.Equal(other.interval) && augInt.implyingRules.Equal(&other.implyingRules) } -func (augInt AugmentedInterval) EqualInSetAndRules(other AugmentedInterval) bool { - return augInt.inSet == other.inSet && augInt.implyingRules.Equal(&other.implyingRules) -} - // AugmentedCanonicalSet is a set of int64 integers, implemented using an ordered slice of non-overlapping, non-touching intervals. // The intervals should include both included intervals and holes; // i.e., start of every interval is the end of a previous interval incremented by 1. @@ -480,11 +476,35 @@ func (c *AugmentedCanonicalSet) Equal(other *AugmentedCanonicalSet) bool { return true } +type CollectRulesType int + +const ( + // DontCollect: when adding a new interval, never collect impying rules for intervals in which 'inSet' status persists; + // instead, keep current rules or substutute them by new ones, according to a higher DominantLayer + DontCollect CollectRulesType = iota + // SimpleCollect: when adding a new interval, collect impying rules for intervals in which 'inSet' status persists + SimpleCollect + // AlwaysCollect: when adding a new interval, always collect impying rules (even if 'inSet' status changes); used in Intersect() + AlwaysCollect +) + +func updateImplyingRules(currInterval, newInterval AugmentedInterval, collectRulesType CollectRulesType) ImplyingRulesType { + newImplyingRules := currInterval.implyingRules.Copy() + if currInterval.inSet == newInterval.inSet { + // 'inSet' persists --> collect rules if not specified otherwise by DontCollect + newImplyingRules.Union(newInterval.implyingRules, collectRulesType != DontCollect) + } else { + // 'inSet' changes --> override rules if not specified otherwise by AlwaysCollect + newImplyingRules.OverrideOrCollectOtherwise(newInterval.implyingRules, collectRulesType != AlwaysCollect) + } + return newImplyingRules +} + // AddAugmentedInterval adds a new interval/hole to the set, // and updates the implying rules accordingly // //gocyclo:ignore -func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collectRules bool) { +func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collectRulesType CollectRulesType) { if v.interval.Start() < c.MinValue() || v.interval.End() > c.MaxValue() { log.Panic(errOutOfRangeInterval) } @@ -504,51 +524,32 @@ func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collec // handle the left-hand side of the intersection of v with set if v.interval.Start() > set[left].interval.Start() && - (set[left].inSet != v.inSet || set[left].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRules)) { + (set[left].inSet != v.inSet || set[left].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRulesType != DontCollect)) { // split set[left] into two intervals, while the implying rules of the second interval should get the new value (from v) new1 := AugmentedInterval{interval: interval.New(set[left].interval.Start(), v.interval.Start()-1), inSet: set[left].inSet, implyingRules: set[left].implyingRules.Copy()} - newImplyingRules := set[left].implyingRules.Copy() - if set[left].inSet == v.inSet { - newImplyingRules.Union(v.implyingRules, collectRules) - } else { - newImplyingRules.OverrideUnlessOppositeDirections(v.implyingRules) - } new2 := AugmentedInterval{interval: interval.New(v.interval.Start(), min(set[left].interval.End(), v.interval.End())), - inSet: v.inSet, implyingRules: newImplyingRules} + inSet: v.inSet, implyingRules: updateImplyingRules(set[left], v, collectRulesType)} result = append(result, new1, new2) left++ } for ind := left; ind <= right; ind++ { if ind == right && v.interval.End() < set[right].interval.End() && - (set[right].inSet != v.inSet || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRules)) { + (set[right].inSet != v.inSet || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRulesType != DontCollect)) { break // this is the corner case handled following the loop below } - newImplyingRules := set[ind].implyingRules.Copy() - if set[ind].inSet == v.inSet { - // this interval is not impacted by v; - // however, its implying rules may be updated by those of v. - newImplyingRules.Union(v.implyingRules, collectRules) - } else { - newImplyingRules.OverrideUnlessOppositeDirections(v.implyingRules) - } - result = append(result, AugmentedInterval{interval: set[ind].interval, inSet: v.inSet, implyingRules: newImplyingRules}) + result = append(result, AugmentedInterval{interval: set[ind].interval, inSet: v.inSet, + implyingRules: updateImplyingRules(set[ind], v, collectRulesType)}) } // handle the right-hand side of the intersection of v with set if v.interval.End() < set[right].interval.End() && - (set[right].inSet != v.inSet || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRules)) { + (set[right].inSet != v.inSet || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRulesType != DontCollect)) { // split set[right] into two intervals, while the implying rules of the first interval should get the new value (from v) if left < right || (left == right && v.interval.Start() == set[left].interval.Start()) { // a special case when left==right (i.e., v is included in one interval from set) was already handled // at the left-hand side of the intersection of v with set - newImplyingRules := set[right].implyingRules.Copy() - if set[right].inSet == v.inSet { - newImplyingRules.Union(v.implyingRules, collectRules) - } else { - newImplyingRules.OverrideUnlessOppositeDirections(v.implyingRules) - } new1 := AugmentedInterval{interval: interval.New(set[right].interval.Start(), v.interval.End()), - inSet: v.inSet, implyingRules: newImplyingRules} + inSet: v.inSet, implyingRules: updateImplyingRules(set[right], v, collectRulesType)} result = append(result, new1) } new2 := AugmentedInterval{interval: interval.New(v.interval.End()+1, set[right].interval.End()), @@ -583,28 +584,32 @@ func (c *AugmentedCanonicalSet) Union(other *AugmentedCanonicalSet, collectRules if c == other { return c.Copy() } + collectRulesType := DontCollect + if collectRules { + collectRulesType = SimpleCollect + } // first, we add all 'out of set' intervals from both sets // then, we add all 'in set' intervals from both sets // this way we get the effect of union, while preserving all relevant implying rules res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) for _, left := range c.intervalSet { if !left.inSet { - res.AddAugmentedInterval(left, collectRules) + res.AddAugmentedInterval(left, collectRulesType) } } for _, right := range other.intervalSet { if !right.inSet { - res.AddAugmentedInterval(right, collectRules) + res.AddAugmentedInterval(right, collectRulesType) } } for _, left := range c.intervalSet { if left.inSet { - res.AddAugmentedInterval(left, collectRules) + res.AddAugmentedInterval(left, collectRulesType) } } for _, right := range other.intervalSet { if right.inSet { - res.AddAugmentedInterval(right, collectRules) + res.AddAugmentedInterval(right, collectRulesType) } } return res @@ -617,7 +622,7 @@ func (c *AugmentedCanonicalSet) Copy() *AugmentedCanonicalSet { func (c *AugmentedCanonicalSet) Contains(n int64) bool { otherSet := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) - otherSet.AddAugmentedInterval(NewAugmentedInterval(n, n, true), false) + otherSet.AddAugmentedInterval(NewAugmentedInterval(n, n, true), DontCollect) return otherSet.ContainedIn(c) } @@ -669,22 +674,22 @@ func (c *AugmentedCanonicalSet) Intersect(other *AugmentedCanonicalSet) *Augment res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) for _, left := range c.intervalSet { if left.inSet { - res.AddAugmentedInterval(left, true) // collect implying rules allowed by both sets + res.AddAugmentedInterval(left, AlwaysCollect) // collect implying rules allowed by both sets } } for _, right := range other.intervalSet { if right.inSet { - res.AddAugmentedInterval(right, true) // collect implying rules allowed by both sets + res.AddAugmentedInterval(right, AlwaysCollect) // collect implying rules allowed by both sets } } for _, left := range c.intervalSet { if !left.inSet { - res.AddAugmentedInterval(left, true) // collect implying rules allowed by both sets + res.AddAugmentedInterval(left, AlwaysCollect) // collect implying rules allowed by both sets } } for _, right := range other.intervalSet { if !right.inSet { - res.AddAugmentedInterval(right, true) // collect implying rules allowed by both sets + res.AddAugmentedInterval(right, AlwaysCollect) // collect implying rules allowed by both sets } } return res @@ -727,7 +732,7 @@ func (c *AugmentedCanonicalSet) Subtract(other *AugmentedCanonicalSet) *Augmente if interval.inSet { hole := interval hole.inSet = false - res.AddAugmentedInterval(hole, false) + res.AddAugmentedInterval(hole, DontCollect) } } return res @@ -760,7 +765,7 @@ func (c *AugmentedCanonicalSet) GetEquivalentCanonicalAugmentedSet() *AugmentedC res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) interv, index := c.nextIncludedInterval(0) for index != NoIndex { - res.AddAugmentedInterval(NewAugmentedInterval(interv.Start(), interv.End(), true), false) + res.AddAugmentedInterval(NewAugmentedInterval(interv.Start(), interv.End(), true), DontCollect) interv, index = c.nextIncludedInterval(index + 1) } return res diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 2dcf68ef..051681a9 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -41,14 +41,14 @@ func MakeConnectionSet(all bool) *ConnectionSet { return &ConnectionSet{AllowedProtocols: map[v1.Protocol]*PortSet{}, CommonImplyingRules: InitImplyingRules()} } -func MakeConnectionSetWithRule(all bool, rule string, isIngress bool) *ConnectionSet { +func MakeConnectionSetWithRule(all bool, rule string, layer LayerType, isIngress bool) *ConnectionSet { return &ConnectionSet{AllowAll: all, AllowedProtocols: map[v1.Protocol]*PortSet{}, - CommonImplyingRules: MakeImplyingRulesWithRule(rule, isIngress)} + CommonImplyingRules: MakeImplyingRulesWithRule(rule, layer, isIngress)} } // Add common implying rule, i.e., a rule that is relevant for the whole ConnectionSet -func (conn *ConnectionSet) AddCommonImplyingRule(implyingRule string, isIngress bool) { - conn.CommonImplyingRules.AddRule(implyingRule, isIngress) +func (conn *ConnectionSet) AddCommonImplyingRule(implyingRule string, layer LayerType, isIngress bool) { + conn.CommonImplyingRules.AddRule(implyingRule, layer, isIngress) } func (conn *ConnectionSet) GetEquivalentCanonicalConnectionSet() *ConnectionSet { @@ -370,10 +370,6 @@ func (p PortRangeData) Equal(other PortRangeData) bool { return p.Interval.Equal(other.Interval) } -func (p PortRangeData) EqualInSetAndRules(other PortRangeData) bool { - return p.Interval.EqualInSetAndRules(other.Interval) -} - func (p *PortRangeData) String() string { if p.isWholeRange() { return allPortsStr diff --git a/pkg/netpol/internal/common/portset.go b/pkg/netpol/internal/common/portset.go index 11d57c88..a517a5e0 100644 --- a/pkg/netpol/internal/common/portset.go +++ b/pkg/netpol/internal/common/portset.go @@ -102,7 +102,7 @@ func (p *PortSet) AddPort(port intstr.IntOrString, implyingRules ImplyingRulesTy p.NamedPorts[port.StrVal] = theRules delete(p.ExcludedNamedPorts, port.StrVal) } else { - p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRules(int64(port.IntVal), int64(port.IntVal), true, implyingRules), true) + p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRules(int64(port.IntVal), int64(port.IntVal), true, implyingRules), SimpleCollect) } } @@ -112,13 +112,13 @@ func (p *PortSet) RemovePort(port intstr.IntOrString) { p.ExcludedNamedPorts[port.StrVal] = p.NamedPorts[port.StrVal] delete(p.NamedPorts, port.StrVal) } else { - p.Ports.AddAugmentedInterval(NewAugmentedInterval(int64(port.IntVal), int64(port.IntVal), false), false) + p.Ports.AddAugmentedInterval(NewAugmentedInterval(int64(port.IntVal), int64(port.IntVal), false), DontCollect) } } // AddPortRange: update current PortSet object with new added port range as allowed -func (p *PortSet) AddPortRange(minPort, maxPort int64, inSet bool, fromRule string, isIngress bool) { - p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRule(minPort, maxPort, inSet, fromRule, isIngress), true) +func (p *PortSet) AddPortRange(minPort, maxPort int64, inSet bool, fromRule string, layer LayerType, isIngress bool) { + p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRule(minPort, maxPort, inSet, fromRule, layer, isIngress), SimpleCollect) } // Union: update current PortSet object with union of input PortSet object diff --git a/test_outputs/connlist/anp_demo_explain_output.txt b/test_outputs/connlist/anp_demo_explain_output.txt new file mode 100644 index 00000000..079e1e32 --- /dev/null +++ b/test_outputs/connlist/anp_demo_explain_output.txt @@ -0,0 +1,225 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => gryffindor/harry-potter[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => ravenclaw/luna-lovegood[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: + +ALLOWED SCTP:[9003] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor//Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor//Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +ALLOWED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor//Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED SCTP:[1-9002,9004-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-hufflepuff-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-hufflepuff-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED UDP:[1-52,54-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-hufflepuff-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED UDP:[53] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-hufflepuff-everything-else (Deny) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] ingress-to-hufflepuff//Ingress rule allow-from-gryffindor-at-port-53 (Allow) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: + +ALLOWED UDP:[52] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] ingress-to-ravenclaw//Ingress rule pass-from-gryffindor-everything (Pass) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #2 + +DENIED UDP:[1-51,53-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] ingress-to-ravenclaw//Ingress rule pass-from-gryffindor-everything (Pass) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] ingress-to-ravenclaw//Ingress rule pass-from-gryffindor-everything (Pass) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: + +ALLOWED SCTP:[1-9002,9004-65535] the system default (Allow all) + +ALLOWED TCP:[1-79,81-65535] the system default (Allow all) + +ALLOWED UDP:[1-52,54-65535] the system default (Allow all) + +DENIED SCTP:[9003] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED TCP:[80] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +DENIED UDP:[53] due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => gryffindor/harry-potter[StatefulSet]: + +ALLOWED SCTP:[9003] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor//Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) + +ALLOWED TCP:[80] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor//Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) + +ALLOWED UDP:[5353] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor//Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) + +DENIED SCTP:[1-9002,9004-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Ingress rule deny-from-hufflepuff-everything-else (Deny) + +DENIED TCP:[1-79,81-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Ingress rule deny-from-hufflepuff-everything-else (Deny) + +DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] gress-rules-gryffindor//Ingress rule deny-from-hufflepuff-everything-else (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [BANP] default//Ingress rule deny-all-ingress-from-hufflepuff (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => gryffindor/harry-potter[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] gress-rules-gryffindor//Ingress rule allow-from-ravenclaw-everything (Allow) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (no Egress rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => gryffindor/harry-potter[StatefulSet]: + +All Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] anp-priority-10//Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: + +All Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] ingress-to-hufflepuff//Ingress rule pass-from-slytherin (Pass) + 2) the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: + +ALLOWED TCP:[1-79,81-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #1 + +DENIED TCP:[80] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] ingress-to-ravenclaw//Ingress rule deny-from-slytherin-at-port-80 (Deny) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +0.0.0.0-255.255.255.255 => hufflepuff/cedric-diggory[StatefulSet] +0.0.0.0-255.255.255.255 => slytherin/draco-malfoy[StatefulSet] +gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 +hufflepuff/cedric-diggory[StatefulSet] => 0.0.0.0-255.255.255.255 +slytherin/draco-malfoy[StatefulSet] => 0.0.0.0-255.255.255.255 From 49050df1ab102276dc1fa9dffc3edd4fcd6af203 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 13 Jan 2025 18:12:39 +0200 Subject: [PATCH 15/28] Make linter happy --- pkg/netpol/connlist/connlist.go | 3 ++- pkg/netpol/eval/internal/k8s/netpol.go | 3 ++- pkg/netpol/internal/common/augmented_intervalset.go | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pkg/netpol/connlist/connlist.go b/pkg/netpol/connlist/connlist.go index 14f0219b..e191f43f 100644 --- a/pkg/netpol/connlist/connlist.go +++ b/pkg/netpol/connlist/connlist.go @@ -365,7 +365,8 @@ func GetConnectionSetFromP2PConnection(c Peer2PeerConnection) *common.Connection for _, p := range portRangeArr { augmentedRange := p.(*common.PortRangeData) // we cannot fill explainability data here, so we pass an empty rule name and an arbitrary direction (isIngress being true) - protocolsToPortSetMap[protocol].AddPortRange(augmentedRange.Start(), augmentedRange.End(), augmentedRange.InSet(), "", common.DefaultLayer, true) + protocolsToPortSetMap[protocol].AddPortRange(augmentedRange.Start(), augmentedRange.End(), + augmentedRange.InSet(), "", common.DefaultLayer, true) } } connectionSet := &common.ConnectionSet{AllowAll: c.AllProtocolsAndPorts(), AllowedProtocols: protocolsToPortSetMap} diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index 14888deb..7b01b3aa 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -168,7 +168,8 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds protocol = *rulePorts[i].Protocol } // the whole port range is affected by the rule (not only ports mentioned in the rule) - ports := common.MakeEmptyPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(explNotReferencedPorts(ruleName), common.NPLayer, isIngress)) + ports := common.MakeEmptyPortSetWithImplyingRules( + common.MakeImplyingRulesWithRule(explNotReferencedPorts(ruleName), common.NPLayer, isIngress)) if rulePorts[i].Port == nil { ports = common.MakeAllPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, common.NPLayer, isIngress)) } else { diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index 946d2672..36f6a288 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -315,7 +315,8 @@ func NewAugmentedInterval(start, end int64, inSet bool) AugmentedInterval { } func NewAugmentedIntervalWithRule(start, end int64, inSet bool, rule string, layer LayerType, isIngress bool) AugmentedInterval { - return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, implyingRules: MakeImplyingRulesWithRule(rule, layer, isIngress)} + return AugmentedInterval{interval: interval.New(start, end), inSet: inSet, + implyingRules: MakeImplyingRulesWithRule(rule, layer, isIngress)} } func NewAugmentedIntervalWithRules(start, end int64, inSet bool, rules ImplyingRulesType) AugmentedInterval { From d78e3c46945214a45c27e1f014c5abb98fd47f03 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 14 Jan 2025 15:42:06 +0200 Subject: [PATCH 16/28] Changed explanation output for empty Xgress rules; More delicate updating implying rules. --- pkg/netpol/eval/internal/k8s/netpol.go | 5 +- .../internal/common/augmented_intervalset.go | 181 ++-- pkg/netpol/internal/common/connectionset.go | 25 +- pkg/netpol/internal/common/portset.go | 22 +- .../acs-security-demos_explain_output.txt | 994 +++++++++--------- .../connlist/anp_demo_explain_output.txt | 8 +- .../netpol_named_port_test_explain_output.txt | 4 +- .../onlineboutique_explain_output.txt | 192 ++-- 8 files changed, 715 insertions(+), 716 deletions(-) diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index 7b01b3aa..14d7747e 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -408,8 +408,9 @@ func (np *NetworkPolicy) EgressAllowedConn(dst Peer, protocol, port string) (boo } const ( - NoXgressRulesExpl = "(no %s rules defined)" - CapturedButNotSelectedExpl = "(captured but not selected by any %s rule)" + CapturedButNotSelectedTxt = "captured but not selected by any %s rule" + CapturedButNotSelectedExpl = "(" + CapturedButNotSelectedTxt + ")" + NoXgressRulesExpl = "(" + CapturedButNotSelectedTxt + " - no rules defined)" ) func (np *NetworkPolicy) nameWithDirectionAndExpl(isIngress bool, expl string) string { diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index 36f6a288..ec025ff1 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -36,7 +36,7 @@ const ( type ImplyingXgressRulesType struct { Rules map[string]int // DominantLayer keeps the highest priority layer among the current rules; - // used in combination with collectRulesType flag (on 'DontCollect' value) in updateImplyingRules + // used in combination with collectStyle flag (on 'NeverCollectRules' value) in updateImplyingRules DominantLayer LayerType // Result keeps the final connectivity decision which follows from the above rules // (allow, deny or not set) @@ -230,22 +230,8 @@ func (rules *ImplyingRulesType) SetResult(isAllowed, isIngress bool) { } } -// Union collects others' implying rules into the current ones if 'collectRules' flag if true; -// otherwise, it keeps the current rules or overrides them by others', depending on DominantLayer (or when empty). -// The DominantLayer special case is used in order to preserve higher-priority rules. -func (rules *ImplyingXgressRulesType) Union(other ImplyingXgressRulesType, collectRules bool) { - if other.Empty() { - return - } - if !collectRules { - if rules.Empty() || rules.DominantLayer < other.DominantLayer { - // current rules are empty or lower priority --> override by other - *rules = other.Copy() - rules.DominantLayer = other.DominantLayer - } - return - } - +// Union collects other implying rules into the current ones +func (rules *ImplyingXgressRulesType) Union(other ImplyingXgressRulesType) { // first, count how many rules are common in both sets common := 0 for name := range other.Rules { @@ -266,38 +252,78 @@ func (rules *ImplyingXgressRulesType) Union(other ImplyingXgressRulesType, colle } } -func (rules *ImplyingXgressRulesType) mayBeUpdatedBy(other ImplyingXgressRulesType, collectRules bool) bool { - if !collectRules { - return (rules.Empty() && !other.Empty()) || rules.DominantLayer < other.DominantLayer +type CollectStyleType int + +const ( + NeverCollectRules CollectStyleType = iota + CollectSameInclusionRules + AlwaysCollectRules +) + +// Update implying rules by other (either keep, override or collect), according to the following flags: +// - 'sameInclusion' flag if true iff there is no change in an inclusion status +// of the updated AugmentedInterval / ConnectionSet +// (depending if the current rules come from AugmentedInterval.implyingRules / ConnectionSet.CommonImplyingRules); +// in case of AugmentedInterval, 'inSet' status is same, in case of ConnectionSet conn.AllowAll is same). +// - 'collectStyle' flag specifies whether and how to collect rules (as described below). +// +// The logic of the update is as follows: +// - if 'collectStyle' is AlwaysCollectRules (comes from Intersection of connection sets) --> collect the rules in any case +// (Intersection of connection sets scenario) +// - if 'collectStyle' is CollectSameInclusionRules and the inclusion status persists ('sameInclusion' is true) --> collect the rules +// (Union of connection sets of multiple NPs scenario) +// - otherwise, if the inclusion status changes ('sameInclusion' is false) --> override the rules +// - otherwise, if the DominantLayer priortiy of the other rules is higher --> override the rules +// - otherwise, keep the current rules. +func (rules ImplyingXgressRulesType) update(other ImplyingXgressRulesType, sameInclusion bool, collectStyle CollectStyleType) ImplyingXgressRulesType { + result := rules.Copy() + if other.Empty() { + return result } - for name := range other.Rules { - if _, ok := rules.Rules[name]; !ok { - return true - } + if collectStyle == AlwaysCollectRules || (collectStyle == CollectSameInclusionRules && sameInclusion) { + result.Union(other) + return result } - return false + + // inclusion status changes --> override + if !sameInclusion { + result = other.Copy() + return result + } + // collectStyle == NeverCollectRules + // inclusion status persists --> keep or override according to the priority + if rules.Empty() || rules.DominantLayer < other.DominantLayer { + // rules are empty or of lower priority --> override + result = other.Copy() + } + return result } -func (rules *ImplyingRulesType) Union(other ImplyingRulesType, collectRules bool) { - rules.Ingress.Union(other.Ingress, collectRules) - rules.Egress.Union(other.Egress, collectRules) +func (rules ImplyingRulesType) Update(other ImplyingRulesType, sameInclusion bool, collectStyle CollectStyleType) ImplyingRulesType { + result := ImplyingRulesType{} + result.Ingress = rules.Ingress.update(other.Ingress, sameInclusion, collectStyle) + result.Egress = rules.Egress.update(other.Egress, sameInclusion, collectStyle) + return result } -// OverrideOrCollectOtherwise overrides current implying rules by others' if 'overrideRules' flag if true; -// otherwise, it collects others' implying rules into the current ones. -// It is used when updating implying rules (updateImplyingRules()) while adding a new interval (AddAugmentedInterval()), -// in the case that 'inSet' changes. -// A special case of collect is used when AddAugmentedInterval() is called with AlwaysCollect flag from Intersect(). -func (rules *ImplyingRulesType) OverrideOrCollectOtherwise(other ImplyingRulesType, overrideRules bool) { - if overrideRules { - *rules = other.Copy() - } else { - rules.Union(other, true) +// This function returns whether the current rules may be updated by the other rules. +// It follows the logic of Update() (see explanation above). +func (rules *ImplyingXgressRulesType) mayBeUpdatedBy(other ImplyingXgressRulesType, sameInclusion bool, collectStyle CollectStyleType) bool { + if collectStyle == AlwaysCollectRules || (collectStyle == CollectSameInclusionRules && sameInclusion) { + // return true iff Union would change anything + for name := range other.Rules { + if _, ok := rules.Rules[name]; !ok { + return true + } + } + return false } + return (!sameInclusion || rules.Empty() && !other.Empty()) || rules.DominantLayer < other.DominantLayer } -func (rules ImplyingRulesType) mayBeUpdatedBy(other ImplyingRulesType, collectRules bool) bool { - return rules.Ingress.mayBeUpdatedBy(other.Ingress, collectRules) || rules.Egress.mayBeUpdatedBy(other.Egress, collectRules) +func (rules ImplyingRulesType) mayBeUpdatedBy(other ImplyingRulesType, sameInclusion bool, collectStyle CollectStyleType) bool { + return rules.Ingress.mayBeUpdatedBy(other.Ingress, sameInclusion, collectStyle) || + rules.Egress.mayBeUpdatedBy(other.Egress, sameInclusion, collectStyle) } const ( @@ -477,35 +503,11 @@ func (c *AugmentedCanonicalSet) Equal(other *AugmentedCanonicalSet) bool { return true } -type CollectRulesType int - -const ( - // DontCollect: when adding a new interval, never collect impying rules for intervals in which 'inSet' status persists; - // instead, keep current rules or substutute them by new ones, according to a higher DominantLayer - DontCollect CollectRulesType = iota - // SimpleCollect: when adding a new interval, collect impying rules for intervals in which 'inSet' status persists - SimpleCollect - // AlwaysCollect: when adding a new interval, always collect impying rules (even if 'inSet' status changes); used in Intersect() - AlwaysCollect -) - -func updateImplyingRules(currInterval, newInterval AugmentedInterval, collectRulesType CollectRulesType) ImplyingRulesType { - newImplyingRules := currInterval.implyingRules.Copy() - if currInterval.inSet == newInterval.inSet { - // 'inSet' persists --> collect rules if not specified otherwise by DontCollect - newImplyingRules.Union(newInterval.implyingRules, collectRulesType != DontCollect) - } else { - // 'inSet' changes --> override rules if not specified otherwise by AlwaysCollect - newImplyingRules.OverrideOrCollectOtherwise(newInterval.implyingRules, collectRulesType != AlwaysCollect) - } - return newImplyingRules -} - // AddAugmentedInterval adds a new interval/hole to the set, // and updates the implying rules accordingly // //gocyclo:ignore -func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collectRulesType CollectRulesType) { +func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collectStyle CollectStyleType) { if v.interval.Start() < c.MinValue() || v.interval.End() > c.MaxValue() { log.Panic(errOutOfRangeInterval) } @@ -524,33 +526,36 @@ func (c *AugmentedCanonicalSet) AddAugmentedInterval(v AugmentedInterval, collec result = append(result, slices.Clone(set[0:left])...) // handle the left-hand side of the intersection of v with set + sameInclusion := set[left].inSet == v.inSet if v.interval.Start() > set[left].interval.Start() && - (set[left].inSet != v.inSet || set[left].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRulesType != DontCollect)) { + (!sameInclusion || set[left].implyingRules.mayBeUpdatedBy(v.implyingRules, sameInclusion, collectStyle)) { // split set[left] into two intervals, while the implying rules of the second interval should get the new value (from v) new1 := AugmentedInterval{interval: interval.New(set[left].interval.Start(), v.interval.Start()-1), inSet: set[left].inSet, implyingRules: set[left].implyingRules.Copy()} new2 := AugmentedInterval{interval: interval.New(v.interval.Start(), min(set[left].interval.End(), v.interval.End())), - inSet: v.inSet, implyingRules: updateImplyingRules(set[left], v, collectRulesType)} + inSet: v.inSet, implyingRules: set[left].implyingRules.Update(v.implyingRules, sameInclusion, collectStyle)} result = append(result, new1, new2) left++ } for ind := left; ind <= right; ind++ { + sameInclusion := set[ind].inSet == v.inSet if ind == right && v.interval.End() < set[right].interval.End() && - (set[right].inSet != v.inSet || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRulesType != DontCollect)) { + (!sameInclusion || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, sameInclusion, collectStyle)) { break // this is the corner case handled following the loop below } result = append(result, AugmentedInterval{interval: set[ind].interval, inSet: v.inSet, - implyingRules: updateImplyingRules(set[ind], v, collectRulesType)}) + implyingRules: set[ind].implyingRules.Update(v.implyingRules, sameInclusion, collectStyle)}) } // handle the right-hand side of the intersection of v with set + sameInclusion = set[right].inSet == v.inSet if v.interval.End() < set[right].interval.End() && - (set[right].inSet != v.inSet || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, collectRulesType != DontCollect)) { + (!sameInclusion || set[right].implyingRules.mayBeUpdatedBy(v.implyingRules, sameInclusion, collectStyle)) { // split set[right] into two intervals, while the implying rules of the first interval should get the new value (from v) if left < right || (left == right && v.interval.Start() == set[left].interval.Start()) { // a special case when left==right (i.e., v is included in one interval from set) was already handled // at the left-hand side of the intersection of v with set - new1 := AugmentedInterval{interval: interval.New(set[right].interval.Start(), v.interval.End()), - inSet: v.inSet, implyingRules: updateImplyingRules(set[right], v, collectRulesType)} + new1 := AugmentedInterval{interval: interval.New(set[right].interval.Start(), v.interval.End()), inSet: v.inSet, + implyingRules: set[right].implyingRules.Update(v.implyingRules, sameInclusion, collectStyle)} result = append(result, new1) } new2 := AugmentedInterval{interval: interval.New(v.interval.End()+1, set[right].interval.End()), @@ -579,15 +584,13 @@ func (c *AugmentedCanonicalSet) String() string { } // Union returns the union of the two sets -// Note: this function is not symmetrical regarding the update of implying rules: -// it always prefers implying rules of 'c', and adds to it those of 'other' depending if collectRules == true -func (c *AugmentedCanonicalSet) Union(other *AugmentedCanonicalSet, collectRules bool) *AugmentedCanonicalSet { +func (c *AugmentedCanonicalSet) Union(other *AugmentedCanonicalSet, collectSameInclusionRules bool) *AugmentedCanonicalSet { if c == other { return c.Copy() } - collectRulesType := DontCollect - if collectRules { - collectRulesType = SimpleCollect + collectStyle := NeverCollectRules + if collectSameInclusionRules { + collectStyle = CollectSameInclusionRules } // first, we add all 'out of set' intervals from both sets // then, we add all 'in set' intervals from both sets @@ -595,22 +598,22 @@ func (c *AugmentedCanonicalSet) Union(other *AugmentedCanonicalSet, collectRules res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) for _, left := range c.intervalSet { if !left.inSet { - res.AddAugmentedInterval(left, collectRulesType) + res.AddAugmentedInterval(left, collectStyle) } } for _, right := range other.intervalSet { if !right.inSet { - res.AddAugmentedInterval(right, collectRulesType) + res.AddAugmentedInterval(right, collectStyle) } } for _, left := range c.intervalSet { if left.inSet { - res.AddAugmentedInterval(left, collectRulesType) + res.AddAugmentedInterval(left, collectStyle) } } for _, right := range other.intervalSet { if right.inSet { - res.AddAugmentedInterval(right, collectRulesType) + res.AddAugmentedInterval(right, collectStyle) } } return res @@ -623,7 +626,7 @@ func (c *AugmentedCanonicalSet) Copy() *AugmentedCanonicalSet { func (c *AugmentedCanonicalSet) Contains(n int64) bool { otherSet := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) - otherSet.AddAugmentedInterval(NewAugmentedInterval(n, n, true), DontCollect) + otherSet.AddAugmentedInterval(NewAugmentedInterval(n, n, true), NeverCollectRules) return otherSet.ContainedIn(c) } @@ -675,22 +678,22 @@ func (c *AugmentedCanonicalSet) Intersect(other *AugmentedCanonicalSet) *Augment res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) for _, left := range c.intervalSet { if left.inSet { - res.AddAugmentedInterval(left, AlwaysCollect) // collect implying rules allowed by both sets + res.AddAugmentedInterval(left, AlwaysCollectRules) // collect implying rules allowed by both sets } } for _, right := range other.intervalSet { if right.inSet { - res.AddAugmentedInterval(right, AlwaysCollect) // collect implying rules allowed by both sets + res.AddAugmentedInterval(right, AlwaysCollectRules) // collect implying rules allowed by both sets } } for _, left := range c.intervalSet { if !left.inSet { - res.AddAugmentedInterval(left, AlwaysCollect) // collect implying rules allowed by both sets + res.AddAugmentedInterval(left, AlwaysCollectRules) // collect implying rules allowed by both sets } } for _, right := range other.intervalSet { if !right.inSet { - res.AddAugmentedInterval(right, AlwaysCollect) // collect implying rules allowed by both sets + res.AddAugmentedInterval(right, AlwaysCollectRules) // collect implying rules allowed by both sets } } return res @@ -733,7 +736,7 @@ func (c *AugmentedCanonicalSet) Subtract(other *AugmentedCanonicalSet) *Augmente if interval.inSet { hole := interval hole.inSet = false - res.AddAugmentedInterval(hole, DontCollect) + res.AddAugmentedInterval(hole, NeverCollectRules) } } return res @@ -766,7 +769,7 @@ func (c *AugmentedCanonicalSet) GetEquivalentCanonicalAugmentedSet() *AugmentedC res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) interv, index := c.nextIncludedInterval(0) for index != NoIndex { - res.AddAugmentedInterval(NewAugmentedInterval(interv.Start(), interv.End(), true), DontCollect) + res.AddAugmentedInterval(NewAugmentedInterval(interv.Start(), interv.End(), true), NeverCollectRules) interv, index = c.nextIncludedInterval(index + 1) } return res diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 051681a9..7a7412af 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -84,7 +84,7 @@ func (conn *ConnectionSet) Intersection(other *ConnectionSet) { conn.AllowedProtocols = map[v1.Protocol]*PortSet{} } // union common implying rules - a symmetrical update - conn.CommonImplyingRules.Union(other.CommonImplyingRules, true) + conn.CommonImplyingRules = conn.CommonImplyingRules.Update(other.CommonImplyingRules, true, AlwaysCollectRules) return } // prepare conn and other for the intersection - we need to seep implying rules info into all protocols/ports @@ -169,17 +169,13 @@ func (conn *ConnectionSet) rebuildExplicitly() { } // Union updates ConnectionSet object to be the union result with other ConnectionSet -// the implying rules are updated only if something changes in conn, -// i.e., conn has a precedence over other -func (conn *ConnectionSet) Union(other *ConnectionSet, collectRules bool) { +func (conn *ConnectionSet) Union(other *ConnectionSet, collectSameInclusionRules bool) { + collectStyle := NeverCollectRules + if collectSameInclusionRules { + collectStyle = CollectSameInclusionRules + } if conn.IsEmpty() && (other.IsEmpty() || other.AllowAll) && len(conn.AllowedProtocols) == 0 && len(other.AllowedProtocols) == 0 { - if other.IsEmpty() { - // we should union implying rules - both contribute to the result being empty - conn.CommonImplyingRules.Union(other.CommonImplyingRules, collectRules) - } else { - // we should substitute the implying rules by others' rules - conn.CommonImplyingRules = other.CommonImplyingRules.Copy() - } + conn.CommonImplyingRules = conn.CommonImplyingRules.Update(other.CommonImplyingRules, other.IsEmpty(), collectStyle) conn.AllowAll = other.AllowAll return } @@ -190,7 +186,7 @@ func (conn *ConnectionSet) Union(other *ConnectionSet, collectRules bool) { other.rebuildExplicitly() for protocol := range conn.AllowedProtocols { if otherPorts, ok := other.AllowedProtocols[protocol]; ok { - conn.AllowedProtocols[protocol].Union(otherPorts, collectRules) + conn.AllowedProtocols[protocol].Union(otherPorts, collectSameInclusionRules) } } conn.CommonImplyingRules = InitImplyingRules() // clear common implying rules, since we have implying rules in AllowedProtocols @@ -205,8 +201,9 @@ func (conn *ConnectionSet) Subtract(other *ConnectionSet) { return } if other.AllowAll && len(other.AllowedProtocols) == 0 { - // a special case when we should replace current common implying rules by others' - conn.CommonImplyingRules = other.CommonImplyingRules.Copy() + // a special case when we should override the current common implying rules by others' + // because conn.AllowAll (aka the inclusion status) changes + conn.CommonImplyingRules = conn.CommonImplyingRules.Update(other.CommonImplyingRules, false, NeverCollectRules) conn.AllowAll = false conn.AllowedProtocols = map[v1.Protocol]*PortSet{} return diff --git a/pkg/netpol/internal/common/portset.go b/pkg/netpol/internal/common/portset.go index a517a5e0..0d6dbcae 100644 --- a/pkg/netpol/internal/common/portset.go +++ b/pkg/netpol/internal/common/portset.go @@ -97,12 +97,10 @@ func (p *PortSet) AddPort(port intstr.IntOrString, implyingRules ImplyingRulesTy if _, ok := p.NamedPorts[port.StrVal]; !ok { p.NamedPorts[port.StrVal] = InitImplyingRules() } - theRules := p.NamedPorts[port.StrVal] - theRules.Union(implyingRules, true) - p.NamedPorts[port.StrVal] = theRules + p.NamedPorts[port.StrVal] = p.NamedPorts[port.StrVal].Update(implyingRules, false, NeverCollectRules) delete(p.ExcludedNamedPorts, port.StrVal) } else { - p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRules(int64(port.IntVal), int64(port.IntVal), true, implyingRules), SimpleCollect) + p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRules(int64(port.IntVal), int64(port.IntVal), true, implyingRules), NeverCollectRules) } } @@ -112,20 +110,22 @@ func (p *PortSet) RemovePort(port intstr.IntOrString) { p.ExcludedNamedPorts[port.StrVal] = p.NamedPorts[port.StrVal] delete(p.NamedPorts, port.StrVal) } else { - p.Ports.AddAugmentedInterval(NewAugmentedInterval(int64(port.IntVal), int64(port.IntVal), false), DontCollect) + p.Ports.AddAugmentedInterval(NewAugmentedInterval(int64(port.IntVal), int64(port.IntVal), false), NeverCollectRules) } } // AddPortRange: update current PortSet object with new added port range as allowed func (p *PortSet) AddPortRange(minPort, maxPort int64, inSet bool, fromRule string, layer LayerType, isIngress bool) { - p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRule(minPort, maxPort, inSet, fromRule, layer, isIngress), SimpleCollect) + p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRule(minPort, maxPort, inSet, fromRule, layer, isIngress), NeverCollectRules) } // Union: update current PortSet object with union of input PortSet object // Note: this function is not symmetrical regarding the update of implying rules: -// it updates implying rules of 'p' by those of 'other' only for ports that get changed in 'p' -func (p *PortSet) Union(other *PortSet, collectRules bool) { - p.Ports = p.Ports.Union(other.Ports, collectRules) +// - for ports that get changed in 'p', it overrides implying rules of 'p' by those of 'other'; +// - for unchanged ports it updates implying rules of 'p' according to 'collectSameInclusionRules' +// (collecting when true, overriding by priority otherwise) +func (p *PortSet) Union(other *PortSet, collectSameInclusionRules bool) { + p.Ports = p.Ports.Union(other.Ports, collectSameInclusionRules) // union current namedPorts with other namedPorts, and delete other namedPorts from current excludedNamedPorts for k, v := range other.NamedPorts { if _, ok := p.NamedPorts[k]; !ok { @@ -206,9 +206,7 @@ func (p *PortSet) subtract(other *PortSet) { if _, ok := p.ExcludedNamedPorts[k]; !ok { p.ExcludedNamedPorts[k] = InitImplyingRules() } - theRules := p.ExcludedNamedPorts[k] - theRules.Union(v.Copy(), true) - p.ExcludedNamedPorts[k] = theRules + p.ExcludedNamedPorts[k] = p.ExcludedNamedPorts[k].Update(v, false, NeverCollectRules) delete(p.NamedPorts, k) } } diff --git a/test_outputs/connlist/acs-security-demos_explain_output.txt b/test_outputs/connlist/acs-security-demos_explain_output.txt index 1e9c26ea..17031bf1 100644 --- a/test_outputs/connlist/acs-security-demos_explain_output.txt +++ b/test_outputs/connlist/acs-security-demos_explain_output.txt @@ -5,7 +5,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/checkout[Deployment]: @@ -14,7 +14,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/notification[Deployment]: @@ -22,7 +22,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/notification[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -31,7 +31,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/recommendation[Deployment No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -40,7 +40,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/reports[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -49,7 +49,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/shipping[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -59,7 +59,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/webapp[Deployment]: @@ -67,7 +67,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/webapp[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -76,7 +76,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/gateway[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -85,7 +85,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/mastercard-processor[Dep No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -94,7 +94,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/visa-processor[Deploymen No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -102,8 +102,8 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -111,21 +111,21 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/checkout[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/notification[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -133,10 +133,10 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/recommendation[Deploy No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -144,10 +144,10 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/reports[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -155,10 +155,10 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/shipping[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -166,22 +166,22 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/asset-cache[Deployme DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -190,25 +190,25 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/webapp[Deployment]: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -216,10 +216,10 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/gateway[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -227,10 +227,10 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/mastercard-processor No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -238,10 +238,10 @@ CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/visa-processor[Deplo No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (no Egress rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -250,7 +250,7 @@ CONNECTIONS BETWEEN backend/checkout[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress (captured but not selected by any Egress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -261,21 +261,21 @@ DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol//Egress rule #4 INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/notification[Deployment]: @@ -290,28 +290,28 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol//Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -327,28 +327,28 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol//Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -358,21 +358,21 @@ DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol//Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -382,21 +382,21 @@ DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol//Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -439,7 +439,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: @@ -452,21 +452,21 @@ DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol//Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -482,28 +482,28 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol//Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -513,21 +513,21 @@ DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol//Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -537,21 +537,21 @@ DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol//Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -559,8 +559,8 @@ CONNECTIONS BETWEEN backend/notification[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -568,32 +568,32 @@ CONNECTIONS BETWEEN backend/notification[Deployment] => backend/catalog[Deployme No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => backend/checkout[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => backend/recommendation[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -601,10 +601,10 @@ CONNECTIONS BETWEEN backend/notification[Deployment] => backend/reports[Deployme No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -612,10 +612,10 @@ CONNECTIONS BETWEEN backend/notification[Deployment] => backend/shipping[Deploym No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -623,22 +623,22 @@ CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/asset-cache[Dep DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -647,25 +647,25 @@ CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/webapp[Deployme DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -673,10 +673,10 @@ CONNECTIONS BETWEEN backend/notification[Deployment] => payments/gateway[Deploym No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -684,10 +684,10 @@ CONNECTIONS BETWEEN backend/notification[Deployment] => payments/mastercard-proc No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -695,10 +695,10 @@ CONNECTIONS BETWEEN backend/notification[Deployment] => payments/visa-processor[ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/notification-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -706,7 +706,7 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => 0.0.0.0-255.255.255.25 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) @@ -721,14 +721,14 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -741,7 +741,7 @@ DENIED UDP:[5353] due to the following policies//rules: DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -751,51 +751,51 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/checkout[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol//Egress rule #2 INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/notification[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol//Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -803,25 +803,25 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/reports[Deploy DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol//Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -829,25 +829,25 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/shipping[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol//Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -855,21 +855,21 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/asset-cache[D DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -882,7 +882,7 @@ DENIED UDP:[5353] due to the following policies//rules: DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -892,40 +892,40 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/webapp[Deploy DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol//Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -933,25 +933,25 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/gateway[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol//Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -959,25 +959,25 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/mastercard-pr DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol//Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -985,25 +985,25 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/visa-processo DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol//Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1011,7 +1011,7 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) @@ -1026,14 +1026,14 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress rule #2 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress rule #2 (protocols not referenced by the rule) @@ -1046,7 +1046,7 @@ DENIED UDP:[5353] due to the following policies//rules: DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress rule #2 (protocols not referenced by the rule) @@ -1056,51 +1056,51 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => backend/checkout[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/notification[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1114,33 +1114,33 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #2 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #2 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #2 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #2 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1148,25 +1148,25 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => backend/shipping[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1174,21 +1174,21 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/asset-cache[Deployme DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -1201,7 +1201,7 @@ DENIED UDP:[5353] due to the following policies//rules: DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -1211,40 +1211,40 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/webapp[Deployment]: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1252,25 +1252,25 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => payments/gateway[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1278,25 +1278,25 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => payments/mastercard-processor DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1304,25 +1304,25 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => payments/visa-processor[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1330,8 +1330,8 @@ CONNECTIONS BETWEEN backend/shipping[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1339,32 +1339,32 @@ CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/catalog[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/checkout[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/notification[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1372,10 +1372,10 @@ CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/recommendation[Deplo No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1383,10 +1383,10 @@ CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/reports[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1394,22 +1394,22 @@ CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/asset-cache[Deploym DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -1418,25 +1418,25 @@ CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/webapp[Deployment]: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1444,10 +1444,10 @@ CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/gateway[Deployment] No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1455,10 +1455,10 @@ CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/mastercard-processo No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1466,10 +1466,10 @@ CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/visa-processor[Depl No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (no Egress rules defined) - 2) [NP] backend/shipping-netpol//Egress (no Egress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1477,8 +1477,8 @@ CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1486,32 +1486,32 @@ CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/catalog[Deployme No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/checkout[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/notification[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1519,10 +1519,10 @@ CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/recommendation[D No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1530,10 +1530,10 @@ CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/reports[Deployme No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1541,10 +1541,10 @@ CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/shipping[Deploym No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1552,25 +1552,25 @@ CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => frontend/webapp[Deployme DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1578,10 +1578,10 @@ CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/gateway[Deploym No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1589,10 +1589,10 @@ CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/mastercard-proc No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1600,10 +1600,10 @@ CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/visa-processor[ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (no Egress rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1611,7 +1611,7 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) @@ -1620,26 +1620,26 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/catalog[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Egress rule #5 INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/checkout[Deployment]: @@ -1652,14 +1652,14 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -1672,7 +1672,7 @@ DENIED UDP:[5353] due to the following policies//rules: DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -1682,25 +1682,25 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/notification[Deployme DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1714,33 +1714,33 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #3 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #3 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #3 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress rule #3 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1754,33 +1754,33 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1794,33 +1794,33 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1828,21 +1828,21 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => frontend/asset-cache[Deployme DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -1855,7 +1855,7 @@ DENIED UDP:[5353] due to the following policies//rules: DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -1865,25 +1865,25 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/gateway[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1891,25 +1891,25 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/mastercard-processor DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1917,25 +1917,25 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/visa-processor[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (no Egress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1943,7 +1943,7 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) @@ -1952,77 +1952,77 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/catalog[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/checkout[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/notification[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2030,25 +2030,25 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/recommendation[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2056,25 +2056,25 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/reports[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2082,25 +2082,25 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/shipping[Deployment] DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2108,21 +2108,21 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/asset-cache[Deploym DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -2135,7 +2135,7 @@ DENIED UDP:[5353] due to the following policies//rules: DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -2145,40 +2145,40 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/webapp[Deployment]: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2192,33 +2192,33 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2232,33 +2232,33 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED UDP:[5353] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol//Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2266,8 +2266,8 @@ CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => 0.0.0.0-255.255 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2275,32 +2275,32 @@ CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/catalog No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/checkout[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/notification[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2308,10 +2308,10 @@ CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/recomme No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2319,10 +2319,10 @@ CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/reports No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2330,10 +2330,10 @@ CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/shippin No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2341,22 +2341,22 @@ CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/asset- DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -2365,25 +2365,25 @@ CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/webapp DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2391,10 +2391,10 @@ CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/gatewa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2402,10 +2402,10 @@ CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/visa-p No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2413,8 +2413,8 @@ CONNECTIONS BETWEEN payments/visa-processor[Deployment] => 0.0.0.0-255.255.255.2 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2422,32 +2422,32 @@ CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/catalog[Deplo No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/checkout[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/notification[Deployment]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2455,10 +2455,10 @@ CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/recommendatio No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2466,10 +2466,10 @@ CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/reports[Deplo No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2477,10 +2477,10 @@ CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/shipping[Depl No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (no Ingress rules defined) + 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2488,22 +2488,22 @@ CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/asset-cache[ DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) @@ -2512,25 +2512,25 @@ CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/webapp[Deplo DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol//Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2538,10 +2538,10 @@ CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/gateway[Depl No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2549,10 +2549,10 @@ CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/mastercard-p No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (no Egress rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (no Egress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (no Ingress rules defined) + 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2586,12 +2586,12 @@ ALLOWED TCP:[8080] due to the following policies//rules: DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (no Ingress rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) diff --git a/test_outputs/connlist/anp_demo_explain_output.txt b/test_outputs/connlist/anp_demo_explain_output.txt index 079e1e32..03877b84 100644 --- a/test_outputs/connlist/anp_demo_explain_output.txt +++ b/test_outputs/connlist/anp_demo_explain_output.txt @@ -152,7 +152,7 @@ CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => 0.0.0.0-255.255.255. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (no Egress rules defined) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -160,7 +160,7 @@ CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => gryffindor/harry-pot No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (no Egress rules defined) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [ANP] gress-rules-gryffindor//Ingress rule allow-from-ravenclaw-everything (Allow) @@ -169,7 +169,7 @@ CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => hufflepuff/cedric-di No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (no Egress rules defined) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -177,7 +177,7 @@ CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => slytherin/draco-malf No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (no Egress rules defined) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- diff --git a/test_outputs/connlist/netpol_named_port_test_explain_output.txt b/test_outputs/connlist/netpol_named_port_test_explain_output.txt index a4fdd6b6..d5edba17 100644 --- a/test_outputs/connlist/netpol_named_port_test_explain_output.txt +++ b/test_outputs/connlist/netpol_named_port_test_explain_output.txt @@ -19,7 +19,7 @@ CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] helloworld/enable-ingress-from-named-port//Egress (no Egress rules defined) + 1) [NP] helloworld/enable-ingress-from-named-port//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -27,7 +27,7 @@ CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => helloworld/new-pod[Deploymen No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] helloworld/enable-ingress-from-named-port//Egress (no Egress rules defined) + 1) [NP] helloworld/enable-ingress-from-named-port//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- diff --git a/test_outputs/connlist/onlineboutique_explain_output.txt b/test_outputs/connlist/onlineboutique_explain_output.txt index 2887d4a3..e329bf1e 100644 --- a/test_outputs/connlist/onlineboutique_explain_output.txt +++ b/test_outputs/connlist/onlineboutique_explain_output.txt @@ -52,7 +52,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/loadgenerator-555fbdc87d[ No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/paymentservice-bbcbdc6b6[ReplicaSet]: @@ -91,7 +91,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => 0.0.0.0-255.255. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -99,7 +99,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/cartserv No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -108,7 +108,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/checkout No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -117,7 +117,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/currency No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -126,7 +126,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/emailser No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -135,7 +135,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/frontend No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) @@ -144,16 +144,16 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/loadgene No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -162,7 +162,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/productc No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -171,7 +171,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/recommen No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -180,7 +180,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/redis-ca No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -188,7 +188,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/shipping No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -197,7 +197,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => 0.0.0.0-255.255 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -205,7 +205,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/adservi No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -214,7 +214,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/checkou No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -223,7 +223,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/currenc No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -232,7 +232,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/emailse No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -241,7 +241,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/fronten No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) @@ -250,16 +250,16 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/loadgen No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -268,7 +268,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/product No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -277,7 +277,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/recomme No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -286,7 +286,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/redis-c No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -294,7 +294,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/shippin No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -394,7 +394,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: @@ -481,7 +481,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => 0.0.0.0-25 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -489,7 +489,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/ad No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -498,7 +498,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/ca No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -507,7 +507,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/ch No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -516,7 +516,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/em No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -525,7 +525,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/fr No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) @@ -534,16 +534,16 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/lo No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -552,7 +552,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/pr No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -561,7 +561,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/re No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -570,7 +570,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/re No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -578,7 +578,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/sh No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -587,7 +587,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => 0.0.0.0-255.25 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -595,7 +595,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/adserv No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -604,7 +604,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/cartse No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -613,7 +613,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/checko No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -622,7 +622,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/curren No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -631,7 +631,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/fronte No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) @@ -640,16 +640,16 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/loadge No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -658,7 +658,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/produc No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -667,7 +667,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/recomm No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -676,7 +676,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/redis- No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -684,7 +684,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/shippi No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -796,7 +796,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: @@ -1001,7 +1001,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => 0.0.0.0-255. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1009,7 +1009,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/adse No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1018,7 +1018,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/cart No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1027,7 +1027,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/chec No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1036,7 +1036,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/curr No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1045,7 +1045,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/emai No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1054,7 +1054,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/fron No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1063,16 +1063,16 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/load No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1081,7 +1081,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/reco No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1090,7 +1090,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/redi No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1098,7 +1098,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/ship No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1107,7 +1107,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => 0.0. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1115,7 +1115,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1124,7 +1124,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1133,7 +1133,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1142,7 +1142,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1151,7 +1151,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1160,7 +1160,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1169,16 +1169,16 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1187,7 +1187,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1196,7 +1196,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1204,7 +1204,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => defa No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1277,7 +1277,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: @@ -1380,7 +1380,7 @@ CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/loadgen No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: @@ -1419,7 +1419,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => 0.0.0.0-25 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -1427,7 +1427,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/ad No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1436,7 +1436,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/ca No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1445,7 +1445,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/ch No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1454,7 +1454,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/cu No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1463,7 +1463,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/em No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1472,7 +1472,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/fr No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1481,16 +1481,16 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/lo No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (no Ingress rules defined) + 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1499,7 +1499,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/pr No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1508,7 +1508,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/re No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -1517,7 +1517,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/re No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (no Egress rules defined) + 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- From 4ab3d96c6fceba6350a5a7c497644940a3036fc6 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 14 Jan 2025 17:02:22 +0200 Subject: [PATCH 17/28] make linter happy; simplified complement pass connections calculation. --- .../eval/internal/k8s/policy_connections.go | 7 +------ .../internal/common/augmented_intervalset.go | 15 ++++++++++----- pkg/netpol/internal/common/portset.go | 3 ++- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/pkg/netpol/eval/internal/k8s/policy_connections.go b/pkg/netpol/eval/internal/k8s/policy_connections.go index 1d7f7647..fb494cec 100644 --- a/pkg/netpol/eval/internal/k8s/policy_connections.go +++ b/pkg/netpol/eval/internal/k8s/policy_connections.go @@ -90,12 +90,7 @@ func (pc *PolicyConnections) CollectANPConns(newAdminPolicyConns *PolicyConnecti // ComplementPassConns complements pass connections to all connections (by adding the absent conections) func (pc *PolicyConnections) ComplementPassConns() { - defaultPassConn := common.MakeConnectionSet(true) - defaultPassConn.Subtract(pc.AllowedConns) - defaultPassConn.Subtract(pc.DeniedConns) - // 'GetEquivalentCanonicalConnectionSet' below removes implying rules - // (we don't collect implying rules for default pass connections) - pc.PassConns.Union(defaultPassConn.GetEquivalentCanonicalConnectionSet(), false) + pc.PassConns.Union(common.MakeConnectionSet(true), false) } // CollectAllowedConnsFromNetpols updates allowed conns of current PolicyConnections object with allowed connections from diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index ec025ff1..e52f2df9 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -269,13 +269,15 @@ const ( // // The logic of the update is as follows: // - if 'collectStyle' is AlwaysCollectRules (comes from Intersection of connection sets) --> collect the rules in any case -// (Intersection of connection sets scenario) +// (Intersection of connection sets scenario, mainly for intersecion with pass connections) // - if 'collectStyle' is CollectSameInclusionRules and the inclusion status persists ('sameInclusion' is true) --> collect the rules // (Union of connection sets of multiple NPs scenario) // - otherwise, if the inclusion status changes ('sameInclusion' is false) --> override the rules // - otherwise, if the DominantLayer priortiy of the other rules is higher --> override the rules // - otherwise, keep the current rules. -func (rules ImplyingXgressRulesType) update(other ImplyingXgressRulesType, sameInclusion bool, collectStyle CollectStyleType) ImplyingXgressRulesType { +func (rules ImplyingXgressRulesType) update(other ImplyingXgressRulesType, sameInclusion bool, + collectStyle CollectStyleType) ImplyingXgressRulesType { + result := rules.Copy() if other.Empty() { return result @@ -299,7 +301,8 @@ func (rules ImplyingXgressRulesType) update(other ImplyingXgressRulesType, sameI return result } -func (rules ImplyingRulesType) Update(other ImplyingRulesType, sameInclusion bool, collectStyle CollectStyleType) ImplyingRulesType { +func (rules ImplyingRulesType) Update(other ImplyingRulesType, sameInclusion bool, + collectStyle CollectStyleType) ImplyingRulesType { result := ImplyingRulesType{} result.Ingress = rules.Ingress.update(other.Ingress, sameInclusion, collectStyle) result.Egress = rules.Egress.update(other.Egress, sameInclusion, collectStyle) @@ -308,7 +311,8 @@ func (rules ImplyingRulesType) Update(other ImplyingRulesType, sameInclusion boo // This function returns whether the current rules may be updated by the other rules. // It follows the logic of Update() (see explanation above). -func (rules *ImplyingXgressRulesType) mayBeUpdatedBy(other ImplyingXgressRulesType, sameInclusion bool, collectStyle CollectStyleType) bool { +func (rules *ImplyingXgressRulesType) mayBeUpdatedBy(other ImplyingXgressRulesType, sameInclusion bool, + collectStyle CollectStyleType) bool { if collectStyle == AlwaysCollectRules || (collectStyle == CollectSameInclusionRules && sameInclusion) { // return true iff Union would change anything for name := range other.Rules { @@ -321,7 +325,8 @@ func (rules *ImplyingXgressRulesType) mayBeUpdatedBy(other ImplyingXgressRulesTy return (!sameInclusion || rules.Empty() && !other.Empty()) || rules.DominantLayer < other.DominantLayer } -func (rules ImplyingRulesType) mayBeUpdatedBy(other ImplyingRulesType, sameInclusion bool, collectStyle CollectStyleType) bool { +func (rules ImplyingRulesType) mayBeUpdatedBy(other ImplyingRulesType, sameInclusion bool, + collectStyle CollectStyleType) bool { return rules.Ingress.mayBeUpdatedBy(other.Ingress, sameInclusion, collectStyle) || rules.Egress.mayBeUpdatedBy(other.Egress, sameInclusion, collectStyle) } diff --git a/pkg/netpol/internal/common/portset.go b/pkg/netpol/internal/common/portset.go index 0d6dbcae..04e6a9b2 100644 --- a/pkg/netpol/internal/common/portset.go +++ b/pkg/netpol/internal/common/portset.go @@ -100,7 +100,8 @@ func (p *PortSet) AddPort(port intstr.IntOrString, implyingRules ImplyingRulesTy p.NamedPorts[port.StrVal] = p.NamedPorts[port.StrVal].Update(implyingRules, false, NeverCollectRules) delete(p.ExcludedNamedPorts, port.StrVal) } else { - p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRules(int64(port.IntVal), int64(port.IntVal), true, implyingRules), NeverCollectRules) + p.Ports.AddAugmentedInterval(NewAugmentedIntervalWithRules(int64(port.IntVal), int64(port.IntVal), + true, implyingRules), NeverCollectRules) } } From 2f52f7b8e5f31300636c0260ce00b0addbd92c85 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 14 Jan 2025 17:26:39 +0200 Subject: [PATCH 18/28] make linter happy --- pkg/netpol/internal/common/augmented_intervalset.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index e52f2df9..e03b82fb 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -277,7 +277,6 @@ const ( // - otherwise, keep the current rules. func (rules ImplyingXgressRulesType) update(other ImplyingXgressRulesType, sameInclusion bool, collectStyle CollectStyleType) ImplyingXgressRulesType { - result := rules.Copy() if other.Empty() { return result From ae744521133e6aa32988600a73422e35ca8a9fe3 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 14 Jan 2025 17:35:06 +0200 Subject: [PATCH 19/28] changed names of pods in anp_banp_blog_demo test --- .../anp_banp_blog_demo_explain_output.txt | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt index b89b9f0b..87ca1aac 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt @@ -1,5 +1,5 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/my-foo[Pod]: +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) @@ -7,7 +7,7 @@ No Connections due to the following policies//rules: 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN bar/my-bar[Pod] => foo/my-foo[Pod]: +CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -15,7 +15,7 @@ No Connections due to the following policies//rules: 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN baz/my-baz[Pod] => bar/my-bar[Pod]: +CONNECTIONS BETWEEN baz/mybaz[Pod] => bar/mybar[Pod]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -23,7 +23,7 @@ No Connections due to the following policies//rules: 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN baz/my-baz[Pod] => foo/my-foo[Pod]: +CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -31,7 +31,7 @@ No Connections due to the following policies//rules: 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN foo/my-foo[Pod] => bar/my-bar[Pod]: +CONNECTIONS BETWEEN foo/myfoo[Pod] => bar/mybar[Pod]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -39,7 +39,7 @@ No Connections due to the following policies//rules: 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => bar/my-bar[Pod]: +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -48,7 +48,7 @@ No Connections due to the following policies//rules: 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => baz/my-baz[Pod]: +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: All Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -56,7 +56,7 @@ All Connections due to the following policies//rules: 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => foo/my-foo[Pod]: +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: All Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -66,15 +66,15 @@ All Connections due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): -0.0.0.0-255.255.255.255 => bar/my-bar[Pod] -0.0.0.0-255.255.255.255 => baz/my-baz[Pod] -0.0.0.0-255.255.255.255 => monitoring/my-monitoring[Pod] -bar/my-bar[Pod] => 0.0.0.0-255.255.255.255 -bar/my-bar[Pod] => baz/my-baz[Pod] -bar/my-bar[Pod] => monitoring/my-monitoring[Pod] -baz/my-baz[Pod] => 0.0.0.0-255.255.255.255 -baz/my-baz[Pod] => monitoring/my-monitoring[Pod] -foo/my-foo[Pod] => 0.0.0.0-255.255.255.255 -foo/my-foo[Pod] => baz/my-baz[Pod] -foo/my-foo[Pod] => monitoring/my-monitoring[Pod] -monitoring/my-monitoring[Pod] => 0.0.0.0-255.255.255.255 +0.0.0.0-255.255.255.255 => bar/mybar[Pod] +0.0.0.0-255.255.255.255 => baz/mybaz[Pod] +0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] +bar/mybar[Pod] => 0.0.0.0-255.255.255.255 +bar/mybar[Pod] => baz/mybaz[Pod] +bar/mybar[Pod] => monitoring/mymonitoring[Pod] +baz/mybaz[Pod] => 0.0.0.0-255.255.255.255 +baz/mybaz[Pod] => monitoring/mymonitoring[Pod] +foo/myfoo[Pod] => 0.0.0.0-255.255.255.255 +foo/myfoo[Pod] => baz/mybaz[Pod] +foo/myfoo[Pod] => monitoring/mymonitoring[Pod] +monitoring/mymonitoring[Pod] => 0.0.0.0-255.255.255.255 From 3385cb14cf40acf1a98e31452a184c13e534e58e Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 14 Jan 2025 17:40:28 +0200 Subject: [PATCH 20/28] Changed named of pods in anp_banp_blog_demo_2 (according to the change in anp_banp_blog_demo) --- .../anp_banp_blog_demo_2_explain_output.txt | 40 +++++++++---------- tests/anp_banp_blog_demo_2/workloads.yaml | 16 ++++---- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index df3a5b0c..71278b87 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -1,5 +1,5 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/my-foo[Pod]: +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) @@ -7,7 +7,7 @@ No Connections due to the following policies//rules: 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN bar/my-bar[Pod] => foo/my-foo[Pod]: +CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -15,7 +15,7 @@ No Connections due to the following policies//rules: 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN baz/my-baz[Pod] => foo/my-foo[Pod]: +CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: No Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -23,7 +23,7 @@ No Connections due to the following policies//rules: 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => bar/my-bar[Pod]: +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: ALLOWED TCP:[1234] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -46,7 +46,7 @@ DENIED TCP:[8080] due to the following policies//rules: 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => baz/my-baz[Pod]: +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: ALLOWED TCP:[1-1233,1235-65535] the system default (Allow all) @@ -58,7 +58,7 @@ ALLOWED TCP:[1234] due to the following policies//rules: ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/my-monitoring[Pod] => foo/my-foo[Pod]: +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: ALLOWED TCP:[1-1233,1235-8079,8081-65535] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -83,17 +83,17 @@ ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: ---------------------------------------------------------------------------------------------------------------------------------------------------------------- The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): -0.0.0.0-255.255.255.255 => bar/my-bar[Pod] -0.0.0.0-255.255.255.255 => baz/my-baz[Pod] -0.0.0.0-255.255.255.255 => monitoring/my-monitoring[Pod] -bar/my-bar[Pod] => 0.0.0.0-255.255.255.255 -bar/my-bar[Pod] => baz/my-baz[Pod] -bar/my-bar[Pod] => monitoring/my-monitoring[Pod] -baz/my-baz[Pod] => 0.0.0.0-255.255.255.255 -baz/my-baz[Pod] => bar/my-bar[Pod] -baz/my-baz[Pod] => monitoring/my-monitoring[Pod] -foo/my-foo[Pod] => 0.0.0.0-255.255.255.255 -foo/my-foo[Pod] => bar/my-bar[Pod] -foo/my-foo[Pod] => baz/my-baz[Pod] -foo/my-foo[Pod] => monitoring/my-monitoring[Pod] -monitoring/my-monitoring[Pod] => 0.0.0.0-255.255.255.255 +0.0.0.0-255.255.255.255 => bar/mybar[Pod] +0.0.0.0-255.255.255.255 => baz/mybaz[Pod] +0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] +bar/mybar[Pod] => 0.0.0.0-255.255.255.255 +bar/mybar[Pod] => baz/mybaz[Pod] +bar/mybar[Pod] => monitoring/mymonitoring[Pod] +baz/mybaz[Pod] => 0.0.0.0-255.255.255.255 +baz/mybaz[Pod] => bar/mybar[Pod] +baz/mybaz[Pod] => monitoring/mymonitoring[Pod] +foo/myfoo[Pod] => 0.0.0.0-255.255.255.255 +foo/myfoo[Pod] => bar/mybar[Pod] +foo/myfoo[Pod] => baz/mybaz[Pod] +foo/myfoo[Pod] => monitoring/mymonitoring[Pod] +monitoring/mymonitoring[Pod] => 0.0.0.0-255.255.255.255 diff --git a/tests/anp_banp_blog_demo_2/workloads.yaml b/tests/anp_banp_blog_demo_2/workloads.yaml index 00b070ff..51061e87 100644 --- a/tests/anp_banp_blog_demo_2/workloads.yaml +++ b/tests/anp_banp_blog_demo_2/workloads.yaml @@ -2,12 +2,12 @@ apiVersion: v1 kind: Pod metadata: namespace: foo - name: my-foo + name: myfoo labels: security: internal spec: containers: - - name: myfirstContainer + - name: myfirstcontainer image: fooimage --- @@ -16,12 +16,12 @@ apiVersion: v1 kind: Pod metadata: namespace: bar - name: my-bar + name: mybar labels: security: internal spec: containers: - - name: myfirstContainer + - name: myfirstcontainer image: barimage --- @@ -30,12 +30,12 @@ apiVersion: v1 kind: Pod metadata: namespace: baz - name: my-baz + name: mybaz labels: security: none spec: containers: - - name: myfirstContainer + - name: myfirstcontainer image: bazimage --- @@ -44,12 +44,12 @@ apiVersion: v1 kind: Pod metadata: namespace: monitoring - name: my-monitoring + name: mymonitoring labels: security: monitoring spec: containers: - - name: myfirstContainer + - name: myfirstcontainer image: monitoringimage --- From 718b34ddac77301d76be0f90cdfb2241beff5d5a Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 20 Jan 2025 10:19:39 +0200 Subject: [PATCH 21/28] Changed default IP block conections explanation to be the same as system default connections explanation; changed explain test outputs accordingly. --- pkg/netpol/connlist/conns_formatter_txt.go | 2 +- .../internal/common/augmented_intervalset.go | 3 +- .../acs-security-demos_explain_output.txt | 44 ++-- ...networks_and_nodes_test_explain_output.txt | 6 +- .../anp_banp_blog_demo_2_explain_output.txt | 4 +- .../anp_banp_blog_demo_explain_output.txt | 4 +- ...with_named_port_matched_explain_output.txt | 2 +- ...th_named_port_unmatched_explain_output.txt | 2 +- .../connlist/anp_demo_explain_output.txt | 8 +- .../connlist/anp_test_10_explain_output.txt | 2 +- .../connlist/ipblockstest_explain_output.txt | 212 +++++++++--------- .../netpol_named_port_test_explain_output.txt | 6 +- .../onlineboutique_explain_output.txt | 46 ++-- 13 files changed, 170 insertions(+), 171 deletions(-) diff --git a/pkg/netpol/connlist/conns_formatter_txt.go b/pkg/netpol/connlist/conns_formatter_txt.go index 7141792d..7648689f 100644 --- a/pkg/netpol/connlist/conns_formatter_txt.go +++ b/pkg/netpol/connlist/conns_formatter_txt.go @@ -89,7 +89,7 @@ const ( unprotectedHeader = "\nWorkloads not protected by network policies:\n" separationLine80 = "--------------------------------------------------------------------------------" nodePairSeparationLine = separationLine80 + separationLine80 + common.NewLine - systemDefaultPairsHeader = "The following nodes are connected due to " + common.SystemOrIPDefaultRule + ":\n" + systemDefaultPairsHeader = "The following nodes are connected due to " + common.SystemDefaultRule + ":\n" ) // writeExposureOutput writes the section of the exposure-analysis result diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index e03b82fb..fd31bc66 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -109,9 +109,8 @@ const ( ExplAllowAll = " (Allow all)" SystemDefaultString = "the system default" SystemDefaultRule = SystemDefaultString + ExplAllowAll - IPDefaultString = "the assumed default for IPblock" + IPDefaultString = SystemDefaultString // currently the same as system default; change for different explanation for IP default IPDefaultRule = IPDefaultString + ExplAllowAll - SystemOrIPDefaultRule = SystemDefaultString + " or " + IPDefaultString + ExplAllowAll ExplSystemDefault = ExplString + SystemDefaultRule PodToItselfRule = "pod to itself " + ExplAllowAll allowResultStr = "ALLOWED" diff --git a/test_outputs/connlist/acs-security-demos_explain_output.txt b/test_outputs/connlist/acs-security-demos_explain_output.txt index 17031bf1..b5eafd8a 100644 --- a/test_outputs/connlist/acs-security-demos_explain_output.txt +++ b/test_outputs/connlist/acs-security-demos_explain_output.txt @@ -2,7 +2,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/catalog[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -11,7 +11,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/checkout[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -20,7 +20,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/notification[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) @@ -29,7 +29,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/recommendation[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) @@ -38,7 +38,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/reports[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) @@ -47,7 +47,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/shipping[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) @@ -56,7 +56,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/asset-cache[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Ingress (captured but not selected by any Ingress rule) 2) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -65,7 +65,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/webapp[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Ingress (captured but not selected by any Ingress rule) @@ -74,7 +74,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/gateway[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) @@ -83,7 +83,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/mastercard-processor[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) @@ -92,7 +92,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/visa-processor[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) @@ -104,7 +104,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/checkout[Deployment]: @@ -251,7 +251,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol//Egress (captured but not selected by any Egress rule) 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/catalog[Deployment]: @@ -561,7 +561,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => backend/catalog[Deployment]: @@ -708,7 +708,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/recommendation-netpol//Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/catalog[Deployment]: @@ -1013,7 +1013,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/reports-netpol//Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/catalog[Deployment]: @@ -1332,7 +1332,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/catalog[Deployment]: @@ -1479,7 +1479,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/catalog[Deployment]: @@ -1613,7 +1613,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/webapp-netpol//Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/catalog[Deployment]: @@ -1945,7 +1945,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/gateway-netpol//Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/catalog[Deployment]: @@ -2268,7 +2268,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/catalog[Deployment]: @@ -2415,7 +2415,7 @@ No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/catalog[Deployment]: diff --git a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt index 127ae912..d01859bb 100644 --- a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt +++ b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt @@ -4,7 +4,7 @@ CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.160-104.154.164.160: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [ANP] egress-peer-1//Egress rule deny-egress (Deny) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.170-104.154.164.170: @@ -12,7 +12,7 @@ CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.170-104.154.164.170: All Connections due to the following policies//rules: EGRESS DIRECTION (ALLOWED) 1) [ANP] egress-peer-1//Egress rule allow-egress (Allow) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns2/pod1[Deployment]: @@ -31,7 +31,7 @@ All Connections due to the following policies//rules: INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-255.255.255.255 => ns1/pod1[Deployment] 0.0.0.0-255.255.255.255 => ns2/pod1[Deployment] 0.0.0.0-255.255.255.255 => ns3/pod1[Deployment] diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index 71278b87..d47b0af1 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -2,7 +2,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) @@ -82,7 +82,7 @@ ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: 1) [NP] foo/allow-monitoring//Ingress rule #1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-255.255.255.255 => bar/mybar[Pod] 0.0.0.0-255.255.255.255 => baz/mybaz[Pod] 0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] diff --git a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt index 87ca1aac..4e498451 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt @@ -2,7 +2,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) @@ -65,7 +65,7 @@ All Connections due to the following policies//rules: 2) [NP] foo/allow-monitoring//Ingress rule #1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-255.255.255.255 => bar/mybar[Pod] 0.0.0.0-255.255.255.255 => baz/mybaz[Pod] 0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt index 376e591a..1a510a70 100644 --- a/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt +++ b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt @@ -28,7 +28,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: 2) [BANP] default//Ingress rule deny-all-ingress-from-slytherin (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] 0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt index cbb02942..6931b524 100644 --- a/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt +++ b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt @@ -17,7 +17,7 @@ No Connections due to the following policies//rules: 2) [BANP] default//Ingress rule deny-all-ingress-from-slytherin (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] 0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_demo_explain_output.txt b/test_outputs/connlist/anp_demo_explain_output.txt index 03877b84..951b47a9 100644 --- a/test_outputs/connlist/anp_demo_explain_output.txt +++ b/test_outputs/connlist/anp_demo_explain_output.txt @@ -2,7 +2,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => gryffindor/harry-potter[StatefulSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor//Ingress (captured but not selected by any Ingress rule) @@ -10,7 +10,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => ravenclaw/luna-lovegood[StatefulSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress (captured but not selected by any Ingress rule) @@ -153,7 +153,7 @@ CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => 0.0.0.0-255.255.255. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => gryffindor/harry-potter[StatefulSet]: @@ -217,7 +217,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-255.255.255.255 => hufflepuff/cedric-diggory[StatefulSet] 0.0.0.0-255.255.255.255 => slytherin/draco-malfoy[StatefulSet] gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_test_10_explain_output.txt b/test_outputs/connlist/anp_test_10_explain_output.txt index 663587a2..a43bfbfb 100644 --- a/test_outputs/connlist/anp_test_10_explain_output.txt +++ b/test_outputs/connlist/anp_test_10_explain_output.txt @@ -37,7 +37,7 @@ DENIED UDP:[5353] due to the following policies//rules: INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] 0.0.0.0-255.255.255.255 => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] 0.0.0.0-255.255.255.255 => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] diff --git a/test_outputs/connlist/ipblockstest_explain_output.txt b/test_outputs/connlist/ipblockstest_explain_output.txt index 36ecbe2a..46b9ffdb 100644 --- a/test_outputs/connlist/ipblockstest_explain_output.txt +++ b/test_outputs/connlist/ipblockstest_explain_output.txt @@ -2,17 +2,17 @@ CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/calico-node-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -20,17 +20,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -38,17 +38,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -56,17 +56,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -74,17 +74,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -92,17 +92,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -110,17 +110,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -128,7 +128,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/calico-node-tier[DaemonSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -136,7 +136,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -144,7 +144,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -152,7 +152,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -160,7 +160,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -168,7 +168,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -176,7 +176,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -184,17 +184,17 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/calico-node-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -202,17 +202,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -220,17 +220,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -238,17 +238,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -256,17 +256,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -274,17 +274,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -292,17 +292,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -310,7 +310,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/calico-node-tier[DaemonSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -318,7 +318,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -326,7 +326,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -334,7 +334,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -342,7 +342,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -350,7 +350,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -358,7 +358,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -366,17 +366,17 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/calico-node-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -384,17 +384,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -402,17 +402,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -420,17 +420,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -438,17 +438,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -456,17 +456,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -474,17 +474,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -492,7 +492,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/calico-node-tier[DaemonSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -500,7 +500,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -508,7 +508,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -516,7 +516,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -524,7 +524,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -532,7 +532,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -540,7 +540,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) @@ -548,17 +548,17 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/calico-node-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -566,17 +566,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -584,17 +584,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -602,17 +602,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -620,17 +620,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -638,17 +638,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -656,17 +656,17 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: ALLOWED UDP:[53] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 DENIED UDP:[1-52,54-65535] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) @@ -1847,7 +1847,7 @@ No Connections due to the following policies//rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-9.255.255.255 => default/cognetive-agents-agent[DaemonSet] 0.0.0.0-9.255.255.255 => default/cognetive-agents-analyzer[DaemonSet] 0.0.0.0-9.255.255.255 => default/cognetive-agents[DaemonSet] diff --git a/test_outputs/connlist/netpol_named_port_test_explain_output.txt b/test_outputs/connlist/netpol_named_port_test_explain_output.txt index d5edba17..df7dfd06 100644 --- a/test_outputs/connlist/netpol_named_port_test_explain_output.txt +++ b/test_outputs/connlist/netpol_named_port_test_explain_output.txt @@ -2,7 +2,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => helloworld/pod-a[Deployment]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] helloworld/enable-ingress-from-named-port//Ingress (captured but not selected by any Ingress rule) @@ -20,7 +20,7 @@ CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] helloworld/enable-ingress-from-named-port//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => helloworld/new-pod[Deployment]: @@ -31,6 +31,6 @@ No Connections due to the following policies//rules: INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-255.255.255.255 => helloworld/new-pod[Deployment] helloworld/new-pod[Deployment] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/onlineboutique_explain_output.txt b/test_outputs/connlist/onlineboutique_explain_output.txt index e329bf1e..9c58f252 100644 --- a/test_outputs/connlist/onlineboutique_explain_output.txt +++ b/test_outputs/connlist/onlineboutique_explain_output.txt @@ -2,7 +2,7 @@ CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/adservice-77d5cd745d[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -10,7 +10,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/cartservice-74f56fd4b[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -18,7 +18,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/checkoutservice-69c8ff664b[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -26,7 +26,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/currencyservice-77654bbbdd[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -34,7 +34,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/emailservice-54c7c5d9d[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -42,7 +42,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/frontend-99684f7f8[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) @@ -50,7 +50,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/loadgenerator-555fbdc87d[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -58,7 +58,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/paymentservice-bbcbdc6b6[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -66,7 +66,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productcatalogservice-68765d49b6[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -74,7 +74,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/recommendationservice-5f8c456796[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -82,7 +82,7 @@ No Connections due to the following policies//rules: CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/shippingservice-5bd985c46d[ReplicaSet]: No Connections due to the following policies//rules: - EGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) @@ -92,7 +92,7 @@ CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => 0.0.0.0-255.255. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: @@ -198,7 +198,7 @@ CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => 0.0.0.0-255.255 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -304,7 +304,7 @@ CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => 0.0.0.0-25 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -482,7 +482,7 @@ CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => 0.0.0.0-25 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -588,7 +588,7 @@ CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => 0.0.0.0-255.25 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -694,7 +694,7 @@ CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => 0.0.0.0-255.255.25 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -884,7 +884,7 @@ CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => 0.0.0.0-255. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -1002,7 +1002,7 @@ CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => 0.0.0.0-255. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -1108,7 +1108,7 @@ CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => 0.0. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -1214,7 +1214,7 @@ CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => 0.0. No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -1420,7 +1420,7 @@ CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => 0.0.0.0-25 No Connections due to the following policies//rules: EGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the assumed default for IPblock (Allow all) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -1521,6 +1521,6 @@ No Connections due to the following policies//rules: INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default or the assumed default for IPblock (Allow all): +The following nodes are connected due to the system default (Allow all): 0.0.0.0-255.255.255.255 => default/redis-cart-78746d49dc[ReplicaSet] default/redis-cart-78746d49dc[ReplicaSet] => 0.0.0.0-255.255.255.255 From 44f6c94868945cf00ca0e0d9fc3c24974d02569d Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 20 Jan 2025 14:07:57 +0200 Subject: [PATCH 22/28] Added explanability option documtation to REAME --- README.md | 3 + docs/explain_analysis.md | 301 ++++++++++++++++++ .../anp_banp_blog_demo_2_explain_output.txt | 14 +- tests/anp_banp_blog_demo_2/policies.yaml | 6 +- 4 files changed, 314 insertions(+), 10 deletions(-) create mode 100644 docs/explain_analysis.md diff --git a/README.md b/README.md index 1a4a2cf9..fc0c2a75 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,7 @@ Examples: k8snetpolicy list -k ./kube/config Flags: + --explain Enhance the analysis of permitted connectivity with explainability information --exposure Enhance the analysis of permitted connectivity with exposure analysis -f, --file string Write output to specified file --focusworkload string Focus connections of specified workload in the output ( or ) @@ -151,6 +152,8 @@ source: default/redis-cart[Deployment], destination: 0.0.0.0-255.255.255.255, di Additional details about the connectivity analysis and its output is specified [here](docs/connlist_output.md). +Additional details about explainability analysis (`--explain` flag for the `list` command) is specified [here](docs/explain_analysis.md). + Additional details about exposure analysis (`--exposure` flag for the `list` command) is specified [here](docs/exposure_analysis.md). Additional details about the connectivity diff command and its output is specified [here](docs/diff_output.md). diff --git a/docs/explain_analysis.md b/docs/explain_analysis.md new file mode 100644 index 00000000..52c111fc --- /dev/null +++ b/docs/explain_analysis.md @@ -0,0 +1,301 @@ +# Explain analysis - enhance `list` connectivity analysis + +## Motivation + +`list` without `--exposure`, produces a report of permitted connectivity between pairs of nodes, without an explanation what resources contributed to this connectivity being allowed.\ +Likewise, it does not detail neither explain all denied connectivity. + +The goal of explainability analysis is to provide this additional information, specifying the resources (such as network policies, admin network policies, routes and more) that contributed to allowing or denying a connectivity between any pair of nodes. +This report can help testing whether the configured resources induce connectivity as expected, and give hints to where the resources may be changed to + achieve the desired result. + +The explainability analysis is currently supported for txt output format of the `list` command. +To run explainability analysis, just run the `list` command with the additional `--explain` flag. + +The section below details a comprehensive example of input manifests for workloads and network policies, and shows the output result of explainability analysis. + + +## Example + +### Input Manifests: +`Namespaces and Pods`: +``` +--- +apiVersion: v1 +kind: Namespace +metadata: + name: foo + labels: + security: internal + kubernetes.io/metadata.name: foo + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: bar + labels: + security: internal + kubernetes.io/metadata.name: bar + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: baz + labels: + kubernetes.io/metadata.name: baz + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring + labels: + kubernetes.io/metadata.name: monitoring + +--- +apiVersion: v1 +kind: Pod +metadata: + namespace: foo + name: myfoo + labels: + security: internal +spec: + containers: + - name: myfirstcontainer + image: fooimage + +--- +apiVersion: v1 +kind: Pod +metadata: + namespace: bar + name: mybar + labels: + security: internal +spec: + containers: + - name: myfirstcontainer + image: barimage + +--- +apiVersion: v1 +kind: Pod +metadata: + namespace: baz + name: mybaz + labels: + security: none +spec: + containers: + - name: myfirstcontainer + image: bazimage + +--- +apiVersion: v1 +kind: Pod +metadata: + namespace: monitoring + name: mymonitoring + labels: + security: monitoring +spec: + containers: + - name: myfirstcontainer + image: monitoringimage + +``` + +`NetworkPolicy`: +``` +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-monitoring + namespace: foo +spec: + podSelector: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring +``` + +`BaselineAdminNetworkPolicy`: +``` +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: BaselineAdminNetworkPolicy +metadata: + name: default +spec: + subject: + namespaces: + matchLabels: + security: internal + ingress: + - name: "deny-ingress-from-all-namespaces-on-TCP1-9000" + action: "Deny" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portRange: + protocol: TCP + start: 1 + end: 9000 +``` + +`AdminNetworkPolicies`: +``` +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: AdminNetworkPolicy +metadata: + name: allow-monitoring +spec: + priority: 9 + subject: + namespaces: {} + ingress: + - name: "allow-ingress-from-monitoring-on-TCP1234" + action: "Allow" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portNumber: + protocol: TCP + port: 1234 + +--- +apiVersion: policy.networking.k8s.io/v1alpha1 +kind: AdminNetworkPolicy +metadata: + name: pass-monitoring +spec: + priority: 7 + subject: + namespaces: + matchLabels: + security: internal + ingress: + - name: "pass-ingress-from-monitoring-on-TCP8080" + action: "Pass" + from: + - namespaces: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - portNumber: + protocol: TCP + port: 8080 + +``` +#### Textual Result: +``` +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: + +ALLOWED TCP:[1234] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + +ALLOWED TCP:[9001-65535] the system default (Allow all) + +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + +DENIED TCP:[1-1233,1235-8079,8081-9000] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) + +DENIED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) + 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: + +ALLOWED TCP:[1-1233,1235-65535] the system default (Allow all) + +ALLOWED TCP:[1234] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + +ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: + +ALLOWED TCP:[1-1233,1235-8079,8081-65535] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring//Ingress rule #1 + +ALLOWED TCP:[1234] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + +ALLOWED TCP:[8080] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) + 2) [NP] foo/allow-monitoring//Ingress rule #1 + +ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] foo/allow-monitoring//Ingress rule #1 + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default (Allow all): +0.0.0.0-255.255.255.255 => bar/mybar[Pod] +0.0.0.0-255.255.255.255 => baz/mybaz[Pod] +0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] +bar/mybar[Pod] => 0.0.0.0-255.255.255.255 +bar/mybar[Pod] => baz/mybaz[Pod] +bar/mybar[Pod] => monitoring/mymonitoring[Pod] +baz/mybaz[Pod] => 0.0.0.0-255.255.255.255 +baz/mybaz[Pod] => bar/mybar[Pod] +baz/mybaz[Pod] => monitoring/mymonitoring[Pod] +foo/myfoo[Pod] => 0.0.0.0-255.255.255.255 +foo/myfoo[Pod] => bar/mybar[Pod] +foo/myfoo[Pod] => baz/mybaz[Pod] +foo/myfoo[Pod] => monitoring/mymonitoring[Pod] +monitoring/mymonitoring[Pod] => 0.0.0.0-255.255.255.255 +``` diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index d47b0af1..70ef9ab3 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -28,7 +28,7 @@ CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: ALLOWED TCP:[1234] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) ALLOWED TCP:[9001-65535] the system default (Allow all) @@ -37,13 +37,13 @@ ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) DENIED TCP:[1-1233,1235-8079,8081-9000] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) DENIED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) - 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) + 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: @@ -53,7 +53,7 @@ ALLOWED TCP:[1-1233,1235-65535] the system default (Allow all) ALLOWED TCP:[1234] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) @@ -68,12 +68,12 @@ ALLOWED TCP:[1-1233,1235-8079,8081-65535] due to the following policies//rules: ALLOWED TCP:[1234] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) + 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) ALLOWED TCP:[8080] due to the following policies//rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) + 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) 2) [NP] foo/allow-monitoring//Ingress rule #1 ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: diff --git a/tests/anp_banp_blog_demo_2/policies.yaml b/tests/anp_banp_blog_demo_2/policies.yaml index 08f61ca7..e13d77e8 100644 --- a/tests/anp_banp_blog_demo_2/policies.yaml +++ b/tests/anp_banp_blog_demo_2/policies.yaml @@ -25,7 +25,7 @@ spec: matchLabels: security: internal ingress: - - name: "deny-ingress-from-all-namespaces" + - name: "deny-ingress-from-all-namespaces-on-TCP1-9000" action: "Deny" from: - namespaces: @@ -48,7 +48,7 @@ spec: subject: namespaces: {} ingress: - - name: "allow-ingress-from-monitoring" + - name: "allow-ingress-from-monitoring-on-TCP1234" action: "Allow" from: - namespaces: @@ -74,7 +74,7 @@ spec: matchLabels: security: internal ingress: - - name: "pass-ingress-from-monitoring" + - name: "pass-ingress-from-monitoring-on-TCP8080" action: "Pass" from: - namespaces: From 2328c5492cde872753cd880fe32a8e6c2091ef0c Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 20 Jan 2025 15:11:22 +0200 Subject: [PATCH 23/28] Removed unused functions / code. --- .../internal/common/augmented_intervalset.go | 40 ------------------- pkg/netpol/internal/common/connectionset.go | 8 +--- 2 files changed, 2 insertions(+), 46 deletions(-) diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index fd31bc66..6c3eab22 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -82,9 +82,6 @@ func (rules *ImplyingRulesType) Equal(other *ImplyingRulesType) bool { } func (rules *ImplyingXgressRulesType) Copy() ImplyingXgressRulesType { - if rules == nil { - return InitImplyingXgressRules() - } res := ImplyingXgressRulesType{Rules: map[string]int{}, DominantLayer: rules.DominantLayer, Result: rules.Result} for k, v := range rules.Rules { res.Rules[k] = v @@ -386,10 +383,6 @@ func (c *AugmentedCanonicalSet) Intervals() []AugmentedInterval { return slices.Clone(c.intervalSet) } -func (c *AugmentedCanonicalSet) NumIntervals() int { - return len(c.intervalSet) -} - const ( errMinFromEmptySet = "cannot take min from empty interval set" errOutOfRangeInterval = "cannot add interval which is out of scope of AugmentedCanonicalSet" @@ -439,16 +432,6 @@ func (c *AugmentedCanonicalSet) IsUnfilled() bool { return len(c.intervalSet) == 0 } -func (c *AugmentedCanonicalSet) CalculateSize() int64 { - var res int64 = 0 - for _, r := range c.intervalSet { - if r.inSet { - res += r.interval.Size() - } - } - return res -} - // func (c *AugmentedCanonicalSet) isConsistent() bool { // lastInd := len(c.intervalSet) - 1 // if lastInd < 0 { @@ -745,29 +728,6 @@ func (c *AugmentedCanonicalSet) Subtract(other *AugmentedCanonicalSet) *Augmente return res } -func (c *AugmentedCanonicalSet) ClearInSet() { - for i := range c.intervalSet { - c.intervalSet[i].inSet = false - } -} - -// Elements returns a slice with all the numbers contained in the set. -// USE WITH CARE. It can easily run out of memory for large sets. -func (c *AugmentedCanonicalSet) Elements() []int64 { - // allocate memory up front, to fail early - res := make([]int64, c.CalculateSize()) - i := 0 - for _, interval := range c.intervalSet { - if interval.inSet { - for v := interval.interval.Start(); v <= interval.interval.End(); v++ { - res[i] = v - i++ - } - } - } - return res -} - func (c *AugmentedCanonicalSet) GetEquivalentCanonicalAugmentedSet() *AugmentedCanonicalSet { res := NewAugmentedCanonicalSet(c.MinValue(), c.MaxValue(), false) interv, index := c.nextIncludedInterval(0) diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 7a7412af..58b6d340 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -448,14 +448,10 @@ func portsString(ports []PortRange) string { currInterval := interval.New(0, -1) // an empty interval for i := range ports { if ports[i].(*PortRangeData).InSet() { - switch { - case currInterval.IsEmpty(): + if currInterval.IsEmpty() { currInterval = interval.New(ports[i].Start(), ports[i].End()) - case currInterval.End()+1 == ports[i].Start(): + } else { // the intervals are consequent, i.e., currInterval.End()+1 == ports[i].Start() currInterval = interval.New(currInterval.Start(), ports[i].End()) // extend the interval - default: - portsStr = append(portsStr, currInterval.ShortString()) - currInterval = interval.New(0, -1) } } else if !currInterval.IsEmpty() { portsStr = append(portsStr, currInterval.ShortString()) From 8cb665dfdf9422114e801d0ef099f53e155f0461 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 21 Jan 2025 10:38:57 +0200 Subject: [PATCH 24/28] Small change in explanability formatting; changed expected results accordingly. Sorted explanability test order. Added a new test. --- pkg/netpol/connlist/explanation_test.go | 25 +- .../ingressanalyzer/ingress_analyzer.go | 2 +- pkg/netpol/eval/internal/k8s/adminnetpol.go | 2 +- pkg/netpol/eval/internal/k8s/netpol.go | 4 +- .../internal/common/augmented_intervalset.go | 2 +- .../acs-security-demos_explain_output.txt | 2578 ++++++++--------- ...networks_and_nodes_test_explain_output.txt | 16 +- .../anp_banp_blog_demo_2_explain_output.txt | 48 +- .../anp_banp_blog_demo_explain_output.txt | 36 +- ...with_named_port_matched_explain_output.txt | 22 +- ...th_named_port_unmatched_explain_output.txt | 12 +- .../connlist/anp_demo_explain_output.txt | 140 +- .../connlist/anp_test_10_explain_output.txt | 20 +- ...with_routes_and_ingress_explain_output.txt | 53 + .../connlist/ipblockstest_explain_output.txt | 1008 +++---- .../netpol_named_port_test_explain_output.txt | 16 +- .../onlineboutique_explain_output.txt | 1016 +++---- 17 files changed, 2528 insertions(+), 2472 deletions(-) create mode 100644 test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index 9565e751..5e7175d8 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -49,36 +49,39 @@ var explainTests = []struct { focusWorkload string }{ { - testDirName: "anp_demo", + testDirName: "acs-security-demos", }, { - testDirName: "acs-security-demos", + testDirName: "anp_and_banp_using_networks_and_nodes_test", }, { - testDirName: "onlineboutique", + testDirName: "anp_banp_blog_demo", }, { - testDirName: "anp_test_10", + testDirName: "anp_banp_blog_demo_2", }, { - testDirName: "ipblockstest", + testDirName: "anp_banp_test_with_named_port_matched", }, { - testDirName: "netpol_named_port_test", + testDirName: "anp_banp_test_with_named_port_unmatched", }, { - testDirName: "anp_banp_blog_demo", + testDirName: "anp_demo", }, { - testDirName: "anp_banp_blog_demo_2", + testDirName: "anp_test_10", }, { - testDirName: "anp_and_banp_using_networks_and_nodes_test", + testDirName: "demo_app_with_routes_and_ingress", }, { - testDirName: "anp_banp_test_with_named_port_matched", + testDirName: "ipblockstest", }, { - testDirName: "anp_banp_test_with_named_port_unmatched", + testDirName: "netpol_named_port_test", + }, + { + testDirName: "onlineboutique", }, } diff --git a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go index e2557181..97afb6dc 100644 --- a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go +++ b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go @@ -335,7 +335,7 @@ func (ia *IngressAnalyzer) getIngressObjectTargetedPeersAndPorts(ns, ingObjStr s if !ok { ia.logWarning("Ignoring target service " + svc.serviceName + " : service not found") } - ruleName := fmt.Sprintf("[%s] %s//service %s", ingType, ingObjStr, svc.serviceName) + ruleName := fmt.Sprintf("[%s] %s // service %s", ingType, ingObjStr, svc.serviceName) for _, peer := range peersAndPorts.peers { currIngressPeerConn, err := ia.getIngressPeerConnection(peer, peersAndPorts.ports, svc.servicePort, ruleName) if err != nil { diff --git a/pkg/netpol/eval/internal/k8s/adminnetpol.go b/pkg/netpol/eval/internal/k8s/adminnetpol.go index f8526c85..047e73d4 100644 --- a/pkg/netpol/eval/internal/k8s/adminnetpol.go +++ b/pkg/netpol/eval/internal/k8s/adminnetpol.go @@ -627,7 +627,7 @@ func ruleFullName(policyName, ruleName, action string, isIngress bool) string { if isIngress { xgress = ingressName } - return fmt.Sprintf("%s//%s rule %s (%s)", policyName, xgress, ruleName, action) + return fmt.Sprintf("%s // %s rule %s (%s)", policyName, xgress, ruleName, action) } // rulePeersReferencedNetworks returns a list of IPBlocks representing the CIDRs referenced by the given rulePeers' Networks field. diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index 14d7747e..de389a34 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -418,7 +418,7 @@ func (np *NetworkPolicy) nameWithDirectionAndExpl(isIngress bool, expl string) s if isIngress { xgress = "Ingress" } - return fmt.Sprintf("%s//%s "+expl, np.FullName(), xgress, xgress) + return fmt.Sprintf("%s // %s "+expl, np.FullName(), xgress, xgress) } func explNoMatchOfNamedPortsToDst(ruleName string) string { @@ -590,7 +590,7 @@ func (np *NetworkPolicy) ruleName(ruleIdx int, isIngress bool) string { if isIngress { xgress = ingressName } - return fmt.Sprintf("%s//%s rule #%d", np.FullName(), xgress, ruleIdx+1) + return fmt.Sprintf("%s // %s rule #%d", np.FullName(), xgress, ruleIdx+1) } func (np *NetworkPolicy) LogWarnings(l logger.Logger) { diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index 6c3eab22..6a65cf63 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -98,7 +98,7 @@ func (rules *ImplyingRulesType) Copy() ImplyingRulesType { const ( ExplString = "due to " - ExplWithRulesTitle = ExplString + "the following policies//rules:" + ExplWithRulesTitle = ExplString + "the following policies // rules:" IngressDirectionTitle = "\tINGRESS DIRECTION" EgressDirectionTitle = "\tEGRESS DIRECTION" NewLine = "\n" diff --git a/test_outputs/connlist/acs-security-demos_explain_output.txt b/test_outputs/connlist/acs-security-demos_explain_output.txt index b5eafd8a..c6fad617 100644 --- a/test_outputs/connlist/acs-security-demos_explain_output.txt +++ b/test_outputs/connlist/acs-security-demos_explain_output.txt @@ -1,2597 +1,2597 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/catalog[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/checkout[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/notification[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/recommendation[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/reports[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/shipping[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/asset-cache[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/webapp[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/gateway[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/mastercard-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/visa-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/checkout[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/notification[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/recommendation[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/reports[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/shipping[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/gateway[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/mastercard-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/visa-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress (captured but not selected by any Egress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Egress (captured but not selected by any Egress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/catalog[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/notification[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #1 + 1) [NP] backend/checkout-netpol // Egress rule #1 INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/notification-netpol//Ingress rule #1 + 1) [NP] backend/notification-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #1 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/recommendation[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #2 + 1) [NP] backend/checkout-netpol // Egress rule #2 INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Ingress rule #1 + 1) [NP] backend/recommendation-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/reports[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/shipping[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/gateway[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #3 + 1) [NP] backend/checkout-netpol // Egress rule #3 INGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Ingress rule #1 + 1) [NP] payments/gateway-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/mastercard-processor[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/visa-processor[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Egress rule #4 + 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => backend/catalog[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => backend/checkout[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => backend/recommendation[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => backend/reports[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => backend/shipping[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => payments/gateway[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => payments/mastercard-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => payments/visa-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/catalog[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #1 + 1) [NP] backend/recommendation-netpol // Egress rule #1 INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/catalog-netpol//Ingress rule #1 + 1) [NP] backend/catalog-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #1 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/checkout[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/notification[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/reports[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/shipping[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/gateway[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/mastercard-processor[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/visa-processor[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Egress rule #2 + 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/catalog[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #1 + 1) [NP] backend/reports-netpol // Egress rule #1 INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/catalog-netpol//Ingress rule #2 + 1) [NP] backend/catalog-netpol // Ingress rule #2 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #1 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress rule #2 (ports not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/checkout[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/notification[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/recommendation[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #2 + 1) [NP] backend/reports-netpol // Egress rule #2 INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Ingress rule #2 + 1) [NP] backend/recommendation-netpol // Ingress rule #2 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #2 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/shipping[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => payments/gateway[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => payments/mastercard-processor[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => payments/visa-processor[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Egress rule #3 + 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/catalog[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/checkout[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/notification[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/recommendation[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/reports[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/gateway[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/mastercard-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/visa-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/catalog[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/checkout[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/notification[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/recommendation[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/reports[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/shipping[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/gateway[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/mastercard-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/visa-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/catalog[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/checkout[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #1 + 1) [NP] frontend/webapp-netpol // Egress rule #1 INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol//Ingress rule #1 + 1) [NP] backend/checkout-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/notification[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/recommendation[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #2 + 1) [NP] frontend/webapp-netpol // Egress rule #2 INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/recommendation-netpol//Ingress rule #3 + 1) [NP] backend/recommendation-netpol // Ingress rule #3 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #3 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/reports[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #3 + 1) [NP] frontend/webapp-netpol // Egress rule #3 INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/reports-netpol//Ingress rule #1 + 1) [NP] backend/reports-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/shipping[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #4 + 1) [NP] frontend/webapp-netpol // Egress rule #4 INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/shipping-netpol//Ingress rule #1 + 1) [NP] backend/shipping-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/gateway[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/mastercard-processor[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/visa-processor[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Egress rule #5 + 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/catalog[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/checkout[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/notification[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/recommendation[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/reports[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/shipping[Deployment]: -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => payments/mastercard-processor[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #1 + 1) [NP] payments/gateway-netpol // Egress rule #1 INGRESS DIRECTION (ALLOWED) - 1) [NP] payments/mastercard-processor-netpol//Ingress rule #1 + 1) [NP] payments/mastercard-processor-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #1 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => payments/visa-processor[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #2 + 1) [NP] payments/gateway-netpol // Egress rule #2 INGRESS DIRECTION (ALLOWED) - 1) [NP] payments/visa-processor-netpol//Ingress rule #1 + 1) [NP] payments/visa-processor-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] payments/gateway-netpol//Egress rule #3 + 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) -DENIED {SCTP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/catalog[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/checkout[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/notification[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/recommendation[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/reports[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/shipping[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/gateway[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/visa-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/catalog[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/checkout[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol//Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/notification[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/recommendation[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/reports[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/shipping[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/asset-cache[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/webapp[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/gateway[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/mastercard-processor[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => frontend/asset-cache[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [Route] frontend/asset-cache//service asset-cache-service - 2) [NP] frontend/asset-cache-netpol//Ingress rule #1 + 1) [Route] frontend/asset-cache // service asset-cache-service + 2) [NP] frontend/asset-cache-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => frontend/webapp[Deployment]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [Route] frontend/webapp//service webapp-service - 2) [NP] frontend/webapp-netpol//Ingress rule #1 + 1) [Route] frontend/webapp // service webapp-service + 2) [NP] frontend/webapp-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend//Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) diff --git a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt index d01859bb..87df27bf 100644 --- a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt +++ b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt @@ -1,33 +1,33 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.160-104.154.164.160: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] egress-peer-1//Egress rule deny-egress (Deny) + 1) [ANP] egress-peer-1 // Egress rule deny-egress (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.170-104.154.164.170: -All Connections due to the following policies//rules: +All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [ANP] egress-peer-1//Egress rule allow-egress (Allow) + 1) [ANP] egress-peer-1 // Egress rule allow-egress (Allow) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns2/pod1[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] egress-peer-1//Egress rule deny-egress (Deny) + 1) [ANP] egress-peer-1 // Egress rule deny-egress (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns3/pod1[Deployment]: -All Connections due to the following policies//rules: +All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [ANP] egress-peer-1//Egress rule allow-egress (Allow) + 1) [ANP] egress-peer-1 // Egress rule allow-egress (Allow) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index 70ef9ab3..f1935169 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -1,85 +1,85 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: -ALLOWED TCP:[1234] due to the following policies//rules: +ALLOWED TCP:[1234] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) ALLOWED TCP:[9001-65535] the system default (Allow all) ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) -DENIED TCP:[1-1233,1235-8079,8081-9000] due to the following policies//rules: +DENIED TCP:[1-1233,1235-8079,8081-9000] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) + 1) [BANP] default // Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) -DENIED TCP:[8080] due to the following policies//rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) - 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) + 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) + 2) [BANP] default // Ingress rule deny-ingress-from-all-namespaces-on-TCP1-9000 (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: ALLOWED TCP:[1-1233,1235-65535] the system default (Allow all) -ALLOWED TCP:[1234] due to the following policies//rules: +ALLOWED TCP:[1234] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) ALLOWED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: -ALLOWED TCP:[1-1233,1235-8079,8081-65535] due to the following policies//rules: +ALLOWED TCP:[1-1233,1235-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] foo/allow-monitoring//Ingress rule #1 + 1) [NP] foo/allow-monitoring // Ingress rule #1 -ALLOWED TCP:[1234] due to the following policies//rules: +ALLOWED TCP:[1234] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) + 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring-on-TCP1234 (Allow) -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) - 2) [NP] foo/allow-monitoring//Ingress rule #1 + 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring-on-TCP8080 (Pass) + 2) [NP] foo/allow-monitoring // Ingress rule #1 -ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] foo/allow-monitoring//Ingress rule #1 + 1) [NP] foo/allow-monitoring // Ingress rule #1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- The following nodes are connected due to the system default (Allow all): diff --git a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt index 4e498451..3942f125 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt @@ -1,68 +1,68 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN baz/mybaz[Pod] => bar/mybar[Pod]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + 1) [BANP] default // Ingress rule deny-ingress-from-all-namespaces (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] foo/allow-monitoring//Ingress (captured but not selected by any Ingress rule) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN foo/myfoo[Pod] => bar/mybar[Pod]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + 1) [BANP] default // Ingress rule deny-ingress-from-all-namespaces (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) - 2) [BANP] default//Ingress rule deny-ingress-from-all-namespaces (Deny) + 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring (Pass) + 2) [BANP] default // Ingress rule deny-ingress-from-all-namespaces (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: -All Connections due to the following policies//rules: +All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] allow-monitoring//Ingress rule allow-ingress-from-monitoring (Allow) + 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring (Allow) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: -All Connections due to the following policies//rules: +All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] pass-monitoring//Ingress rule pass-ingress-from-monitoring (Pass) - 2) [NP] foo/allow-monitoring//Ingress rule #1 + 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring (Pass) + 2) [NP] foo/allow-monitoring // Ingress rule #1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- The following nodes are connected due to the system default (Allow all): diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt index 1a510a70..a8647ac3 100644 --- a/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt +++ b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt @@ -1,31 +1,31 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] pass-example//Egress rule pass-all-egress-to-slytherin (Pass) - 2) [BANP] default//Egress rule deny-all-egress-to-slytherin (Deny) + 1) [ANP] pass-example // Egress rule pass-all-egress-to-slytherin (Pass) + 2) [BANP] default // Egress rule deny-all-egress-to-slytherin (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: -ALLOWED TCP:[80] due to the following policies//rules: +ALLOWED TCP:[80] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] pass-example//Ingress rule allow-ingress-from-slytherin-on-named-port (Allow) + 1) [ANP] pass-example // Ingress rule allow-ingress-from-slytherin-on-named-port (Allow) -DENIED TCP:[1-79,81-65535] due to the following policies//rules: +DENIED TCP:[1-79,81-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] pass-example//Ingress rule pass-all-ingress-from-slytherin (Pass) - 2) [BANP] default//Ingress rule deny-all-ingress-from-slytherin (Deny) + 1) [ANP] pass-example // Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [BANP] default // Ingress rule deny-all-ingress-from-slytherin (Deny) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] pass-example//Ingress rule pass-all-ingress-from-slytherin (Pass) - 2) [BANP] default//Ingress rule deny-all-ingress-from-slytherin (Deny) + 1) [ANP] pass-example // Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [BANP] default // Ingress rule deny-all-ingress-from-slytherin (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- The following nodes are connected due to the system default (Allow all): diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt index 6931b524..f7dc34e6 100644 --- a/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt +++ b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt @@ -1,20 +1,20 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] pass-example//Egress rule pass-all-egress-to-slytherin (Pass) - 2) [BANP] default//Egress rule deny-all-egress-to-slytherin (Deny) + 1) [ANP] pass-example // Egress rule pass-all-egress-to-slytherin (Pass) + 2) [BANP] default // Egress rule deny-all-egress-to-slytherin (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] pass-example//Ingress rule pass-all-ingress-from-slytherin (Pass) - 2) [BANP] default//Ingress rule deny-all-ingress-from-slytherin (Deny) + 1) [ANP] pass-example // Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [BANP] default // Ingress rule deny-all-ingress-from-slytherin (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- The following nodes are connected due to the system default (Allow all): diff --git a/test_outputs/connlist/anp_demo_explain_output.txt b/test_outputs/connlist/anp_demo_explain_output.txt index 951b47a9..cdbc7952 100644 --- a/test_outputs/connlist/anp_demo_explain_output.txt +++ b/test_outputs/connlist/anp_demo_explain_output.txt @@ -1,78 +1,78 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => gryffindor/harry-potter[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor//Ingress (captured but not selected by any Ingress rule) + 1) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => ravenclaw/luna-lovegood[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress (captured but not selected by any Ingress rule) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: -ALLOWED SCTP:[9003] due to the following policies//rules: +ALLOWED SCTP:[9003] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [ANP] gress-rules-gryffindor//Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) + 1) [ANP] gress-rules-gryffindor // Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [ANP] gress-rules-gryffindor//Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) + 1) [ANP] gress-rules-gryffindor // Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -ALLOWED UDP:[5353] due to the following policies//rules: +ALLOWED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [ANP] gress-rules-gryffindor//Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) + 1) [ANP] gress-rules-gryffindor // Egress rule allow-to-hufflepuff-at-ports-8080-5353 (Allow) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -DENIED SCTP:[1-9002,9004-65535] due to the following policies//rules: +DENIED SCTP:[1-9002,9004-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-hufflepuff-everything-else (Deny) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-hufflepuff-everything-else (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-hufflepuff-everything-else (Deny) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-hufflepuff-everything-else (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -DENIED UDP:[1-52,54-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-hufflepuff-everything-else (Deny) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-hufflepuff-everything-else (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -DENIED UDP:[53] due to the following policies//rules: +DENIED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-hufflepuff-everything-else (Deny) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-hufflepuff-everything-else (Deny) INGRESS DIRECTION (ALLOWED) - 1) [ANP] ingress-to-hufflepuff//Ingress rule allow-from-gryffindor-at-port-53 (Allow) + 1) [ANP] ingress-to-hufflepuff // Ingress rule allow-from-gryffindor-at-port-53 (Allow) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: -ALLOWED UDP:[52] due to the following policies//rules: +ALLOWED UDP:[52] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] ingress-to-ravenclaw//Ingress rule pass-from-gryffindor-everything (Pass) - 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #2 + 1) [ANP] ingress-to-ravenclaw // Ingress rule pass-from-gryffindor-everything (Pass) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 -DENIED UDP:[1-51,53-65535] due to the following policies//rules: +DENIED UDP:[1-51,53-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] ingress-to-ravenclaw//Ingress rule pass-from-gryffindor-everything (Pass) - 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #2 (ports not referenced by the rule) + 1) [ANP] ingress-to-ravenclaw // Ingress rule pass-from-gryffindor-everything (Pass) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] ingress-to-ravenclaw//Ingress rule pass-from-gryffindor-everything (Pass) - 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #2 (protocols not referenced by the rule) + 1) [ANP] ingress-to-ravenclaw // Ingress rule pass-from-gryffindor-everything (Pass) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: @@ -83,138 +83,138 @@ ALLOWED TCP:[1-79,81-65535] the system default (Allow all) ALLOWED UDP:[1-52,54-65535] the system default (Allow all) -DENIED SCTP:[9003] due to the following policies//rules: +DENIED SCTP:[9003] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -DENIED TCP:[80] due to the following policies//rules: +DENIED TCP:[80] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -DENIED UDP:[53] due to the following policies//rules: +DENIED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) + 1) [ANP] gress-rules-gryffindor // Egress rule deny-to-slytherin-at-ports-80-53-9003 (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => gryffindor/harry-potter[StatefulSet]: -ALLOWED SCTP:[9003] due to the following policies//rules: +ALLOWED SCTP:[9003] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] gress-rules-gryffindor//Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) + 1) [ANP] gress-rules-gryffindor // Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) -ALLOWED TCP:[80] due to the following policies//rules: +ALLOWED TCP:[80] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] gress-rules-gryffindor//Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) + 1) [ANP] gress-rules-gryffindor // Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) -ALLOWED UDP:[5353] due to the following policies//rules: +ALLOWED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] gress-rules-gryffindor//Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) + 1) [ANP] gress-rules-gryffindor // Ingress rule allow-from-hufflepuff-at-port-80-5353-9003 (Allow) -DENIED SCTP:[1-9002,9004-65535] due to the following policies//rules: +DENIED SCTP:[1-9002,9004-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Ingress rule deny-from-hufflepuff-everything-else (Deny) + 1) [ANP] gress-rules-gryffindor // Ingress rule deny-from-hufflepuff-everything-else (Deny) -DENIED TCP:[1-79,81-65535] due to the following policies//rules: +DENIED TCP:[1-79,81-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Ingress rule deny-from-hufflepuff-everything-else (Deny) + 1) [ANP] gress-rules-gryffindor // Ingress rule deny-from-hufflepuff-everything-else (Deny) -DENIED UDP:[1-5352,5354-65535] due to the following policies//rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] gress-rules-gryffindor//Ingress rule deny-from-hufflepuff-everything-else (Deny) + 1) [ANP] gress-rules-gryffindor // Ingress rule deny-from-hufflepuff-everything-else (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress (captured but not selected by any Ingress rule) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [BANP] default//Ingress rule deny-all-ingress-from-hufflepuff (Deny) + 1) [BANP] default // Ingress rule deny-all-ingress-from-hufflepuff (Deny) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => gryffindor/harry-potter[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) - 1) [ANP] gress-rules-gryffindor//Ingress rule allow-from-ravenclaw-everything (Allow) + 1) [ANP] gress-rules-gryffindor // Ingress rule allow-from-ravenclaw-everything (Allow) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ravenclaw/luna-lovegood[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => gryffindor/harry-potter[StatefulSet]: -All Connections due to the following policies//rules: +All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] anp-priority-10//Ingress rule pass-all-ingress-from-slytherin (Pass) - 2) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor//Ingress rule #1 + 1) [ANP] anp-priority-10 // Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor // Ingress rule #1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: -All Connections due to the following policies//rules: +All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [ANP] ingress-to-hufflepuff//Ingress rule pass-from-slytherin (Pass) + 1) [ANP] ingress-to-hufflepuff // Ingress rule pass-from-slytherin (Pass) 2) the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: -ALLOWED TCP:[1-79,81-65535] due to the following policies//rules: +ALLOWED TCP:[1-79,81-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #1 + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 -DENIED TCP:[80] due to the following policies//rules: +DENIED TCP:[80] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [ANP] ingress-to-ravenclaw//Ingress rule deny-from-slytherin-at-port-80 (Deny) + 1) [ANP] ingress-to-ravenclaw // Ingress rule deny-from-slytherin-at-port-80 (Deny) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- The following nodes are connected due to the system default (Allow all): diff --git a/test_outputs/connlist/anp_test_10_explain_output.txt b/test_outputs/connlist/anp_test_10_explain_output.txt index a43bfbfb..f447667a 100644 --- a/test_outputs/connlist/anp_test_10_explain_output.txt +++ b/test_outputs/connlist/anp_test_10_explain_output.txt @@ -1,27 +1,27 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [ANP] egress-udp//Egress rule allow-to-gryffindor-at-port-53 (Allow) + 1) [ANP] egress-udp // Egress rule allow-to-gryffindor-at-port-53 (Allow) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] egress-udp//Egress rule deny-to-gryffindor-everything-else (Deny) + 1) [ANP] egress-udp // Egress rule deny-to-gryffindor-everything-else (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] egress-udp//Egress rule deny-to-gryffindor-everything-else (Deny) + 1) [ANP] egress-udp // Egress rule deny-to-gryffindor-everything-else (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet]: -All Connections due to the following policies//rules: +All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [ANP] egress-udp//Egress rule allow-to-ravenclaw-everything (Allow) + 1) [ANP] egress-udp // Egress rule allow-to-ravenclaw-everything (Allow) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -31,9 +31,9 @@ ALLOWED UDP:[1-5352,5354-65535] the system default (Allow all) ALLOWED {SCTP,TCP}:[ALL PORTS] the system default (Allow all) -DENIED UDP:[5353] due to the following policies//rules: +DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [ANP] egress-udp//Egress rule deny-to-slytherin-at-port-5353 (Deny) + 1) [ANP] egress-udp // Egress rule deny-to-slytherin-at-port-5353 (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- diff --git a/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt b/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt new file mode 100644 index 00000000..f38b65a3 --- /dev/null +++ b/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt @@ -0,0 +1,53 @@ +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => helloworld/hello-world[Deployment]: + +ALLOWED TCP:[8000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] helloworld/hello-world // service hello-world + 2) the system default (Allow all) + +DENIED TCP:[1-7999,8001-65535] the system default (Allow all) + +DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => ingressworld/ingress-world[Deployment]: + +ALLOWED TCP:[8090] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] ingressworld/ingress-world // service ingress-world + 2) the system default (Allow all) + +DENIED TCP:[1-8089,8091-65535] the system default (Allow all) + +DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => routeworld/route-world[Deployment]: + +ALLOWED TCP:[8060] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] routeworld/route-world // service route-world + 2) the system default (Allow all) + +DENIED TCP:[1-8059,8061-65535] the system default (Allow all) + +DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +The following nodes are connected due to the system default (Allow all): +0.0.0.0-255.255.255.255 => helloworld/hello-world[Deployment] +0.0.0.0-255.255.255.255 => ingressworld/ingress-world[Deployment] +0.0.0.0-255.255.255.255 => routeworld/route-world[Deployment] +helloworld/hello-world[Deployment] => 0.0.0.0-255.255.255.255 +helloworld/hello-world[Deployment] => ingressworld/ingress-world[Deployment] +helloworld/hello-world[Deployment] => routeworld/route-world[Deployment] +ingressworld/ingress-world[Deployment] => 0.0.0.0-255.255.255.255 +ingressworld/ingress-world[Deployment] => helloworld/hello-world[Deployment] +ingressworld/ingress-world[Deployment] => routeworld/route-world[Deployment] +routeworld/route-world[Deployment] => 0.0.0.0-255.255.255.255 +routeworld/route-world[Deployment] => helloworld/hello-world[Deployment] +routeworld/route-world[Deployment] => ingressworld/ingress-world[Deployment] diff --git a/test_outputs/connlist/ipblockstest_explain_output.txt b/test_outputs/connlist/ipblockstest_explain_output.txt index 46b9ffdb..b83a8163 100644 --- a/test_outputs/connlist/ipblockstest_explain_output.txt +++ b/test_outputs/connlist/ipblockstest_explain_output.txt @@ -1,1850 +1,1850 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/calico-node-tier[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/calico-node-tier[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/calico-node-tier[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/calico-node-tier[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -ALLOWED UDP:[53] due to the following policies//rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -DENIED UDP:[1-52,54-65535] due to the following policies//rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-analyzer[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-10-5c9dd7c9c[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ibm-system/ibm-cloud-provider-ip-169-60-164-14-6d448884df[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node-tier[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher-for-demo[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-keepalived-watcher[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd-with-tier[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-kube-fluentd[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier//Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- The following nodes are connected due to the system default (Allow all): diff --git a/test_outputs/connlist/netpol_named_port_test_explain_output.txt b/test_outputs/connlist/netpol_named_port_test_explain_output.txt index df7dfd06..6cef8fe0 100644 --- a/test_outputs/connlist/netpol_named_port_test_explain_output.txt +++ b/test_outputs/connlist/netpol_named_port_test_explain_output.txt @@ -1,33 +1,33 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => helloworld/pod-a[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] helloworld/enable-ingress-from-named-port//Ingress (captured but not selected by any Ingress rule) + 1) [NP] helloworld/enable-ingress-from-named-port // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN helloworld/new-pod[Deployment] => helloworld/pod-a[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] helloworld/enable-ingress-from-named-port//Ingress rule #1 (named ports of the rule have no match in the configuration of the dst peer) + 1) [NP] helloworld/enable-ingress-from-named-port // Ingress rule #1 (named ports of the rule have no match in the configuration of the dst peer) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] helloworld/enable-ingress-from-named-port//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] helloworld/enable-ingress-from-named-port // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN helloworld/pod-a[Deployment] => helloworld/new-pod[Deployment]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] helloworld/enable-ingress-from-named-port//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] helloworld/enable-ingress-from-named-port // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- diff --git a/test_outputs/connlist/onlineboutique_explain_output.txt b/test_outputs/connlist/onlineboutique_explain_output.txt index 9c58f252..b15ebd3e 100644 --- a/test_outputs/connlist/onlineboutique_explain_output.txt +++ b/test_outputs/connlist/onlineboutique_explain_output.txt @@ -1,1523 +1,1523 @@ ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productcatalogservice-68765d49b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice-77d5cd745d[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice-74f56fd4b[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -ALLOWED TCP:[7070] due to the following policies//rules: +ALLOWED TCP:[7070] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol//Egress rule #1 + 1) [NP] default/checkoutservice-netpol // Egress rule #1 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/cartservice-netpol//Ingress rule #1 + 1) [NP] default/cartservice-netpol // Ingress rule #1 -DENIED TCP:[1-7069,7071-65535] due to the following policies//rules: +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -ALLOWED TCP:[7000] due to the following policies//rules: +ALLOWED TCP:[7000] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol//Egress rule #2 + 1) [NP] default/checkoutservice-netpol // Egress rule #2 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/currencyservice-netpol//Ingress rule #1 + 1) [NP] default/currencyservice-netpol // Ingress rule #1 -DENIED TCP:[1-6999,7001-65535] due to the following policies//rules: +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol//Egress rule #3 + 1) [NP] default/checkoutservice-netpol // Egress rule #3 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/emailservice-netpol//Ingress rule #1 + 1) [NP] default/emailservice-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -ALLOWED TCP:[50051] due to the following policies//rules: +ALLOWED TCP:[50051] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol//Egress rule #4 + 1) [NP] default/checkoutservice-netpol // Egress rule #4 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/paymentservice-netpol//Ingress rule #1 + 1) [NP] default/paymentservice-netpol // Ingress rule #1 -DENIED TCP:[1-50050,50052-65535] due to the following policies//rules: +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -ALLOWED TCP:[3550] due to the following policies//rules: +ALLOWED TCP:[3550] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol//Egress rule #5 + 1) [NP] default/checkoutservice-netpol // Egress rule #5 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/productcatalogservice-netpol//Ingress rule #1 + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 -DENIED TCP:[1-3549,3551-65535] due to the following policies//rules: +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #5 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -ALLOWED TCP:[50051] due to the following policies//rules: +ALLOWED TCP:[50051] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol//Egress rule #6 + 1) [NP] default/checkoutservice-netpol // Egress rule #6 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/shippingservice-netpol//Ingress rule #1 + 1) [NP] default/shippingservice-netpol // Ingress rule #1 -DENIED TCP:[1-50050,50052-65535] due to the following policies//rules: +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #6 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Egress rule #6 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice-54c7c5d9d[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -ALLOWED TCP:[9555] due to the following policies//rules: +ALLOWED TCP:[9555] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol//Egress rule #1 + 1) [NP] default/frontend-netpol // Egress rule #1 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/adservice-netpol//Ingress rule #1 + 1) [NP] default/adservice-netpol // Ingress rule #1 -DENIED TCP:[1-9554,9556-65535] due to the following policies//rules: +DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -ALLOWED TCP:[7070] due to the following policies//rules: +ALLOWED TCP:[7070] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol//Egress rule #2 + 1) [NP] default/frontend-netpol // Egress rule #2 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/cartservice-netpol//Ingress rule #2 + 1) [NP] default/cartservice-netpol // Ingress rule #2 -DENIED TCP:[1-7069,7071-65535] due to the following policies//rules: +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #2 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #2 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -ALLOWED TCP:[5050] due to the following policies//rules: +ALLOWED TCP:[5050] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol//Egress rule #3 + 1) [NP] default/frontend-netpol // Egress rule #3 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol//Ingress rule #1 + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 -DENIED TCP:[1-5049,5051-65535] due to the following policies//rules: +DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #3 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #3 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -ALLOWED TCP:[7000] due to the following policies//rules: +ALLOWED TCP:[7000] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol//Egress rule #4 + 1) [NP] default/frontend-netpol // Egress rule #4 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/currencyservice-netpol//Ingress rule #2 + 1) [NP] default/currencyservice-netpol // Ingress rule #2 -DENIED TCP:[1-6999,7001-65535] due to the following policies//rules: +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #4 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #4 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -ALLOWED TCP:[3550] due to the following policies//rules: +ALLOWED TCP:[3550] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol//Egress rule #5 + 1) [NP] default/frontend-netpol // Egress rule #5 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/productcatalogservice-netpol//Ingress rule #2 + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 -DENIED TCP:[1-3549,3551-65535] due to the following policies//rules: +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #5 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #5 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol//Egress rule #6 + 1) [NP] default/frontend-netpol // Egress rule #6 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/recommendationservice-netpol//Ingress rule #1 + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #6 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #6 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -ALLOWED TCP:[50051] due to the following policies//rules: +ALLOWED TCP:[50051] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol//Egress rule #7 + 1) [NP] default/frontend-netpol // Egress rule #7 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/shippingservice-netpol//Ingress rule #2 + 1) [NP] default/shippingservice-netpol // Ingress rule #2 -DENIED TCP:[1-50050,50052-65535] due to the following policies//rules: +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #7 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Egress rule #7 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -ALLOWED TCP:[8080] due to the following policies//rules: +ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/loadgenerator-netpol//Egress rule #1 + 1) [NP] default/loadgenerator-netpol // Egress rule #1 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol//Ingress rule #1 + 1) [NP] default/frontend-netpol // Ingress rule #1 -DENIED TCP:[1-8079,8081-65535] due to the following policies//rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice-bbcbdc6b6[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice-68765d49b6[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -ALLOWED TCP:[3550] due to the following policies//rules: +ALLOWED TCP:[3550] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) - 1) [NP] default/recommendationservice-netpol//Egress rule #1 + 1) [NP] default/recommendationservice-netpol // Egress rule #1 INGRESS DIRECTION (ALLOWED) - 1) [NP] default/productcatalogservice-netpol//Ingress rule #3 + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 -DENIED TCP:[1-3549,3551-65535] due to the following policies//rules: +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress rule #3 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced by the rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies//rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress rule #3 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Egress (captured but not selected by any Egress rule) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart-78746d49dc[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => 0.0.0.0-255.255.255.255: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/loadgenerator-555fbdc87d[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol//Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol//Ingress (captured but not selected by any Ingress rule) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice-5bd985c46d[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: -No Connections due to the following policies//rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol//Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- From 00c229bd0fb2a2765376eb2423172334abf1e48e Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Tue, 21 Jan 2025 17:25:05 +0200 Subject: [PATCH 25/28] Another change in explanation output formatting and in the expected outputs correspondongly. Added more tests. --- pkg/netpol/connlist/connlist.go | 4 + pkg/netpol/connlist/conns_formatter_txt.go | 56 +- pkg/netpol/connlist/explanation_test.go | 12 + .../internal/common/augmented_intervalset.go | 7 +- pkg/netpol/internal/common/connectionset.go | 16 +- .../acs-security-demos_explain_output.txt | 1486 +++++++++-------- ...networks_and_nodes_test_explain_output.txt | 34 +- .../anp_banp_blog_demo_2_explain_output.txt | 58 +- .../anp_banp_blog_demo_explain_output.txt | 46 +- ...with_named_port_matched_explain_output.txt | 28 +- ...th_named_port_unmatched_explain_output.txt | 10 +- .../connlist/anp_demo_explain_output.txt | 104 +- .../connlist/anp_test_10_explain_output.txt | 30 +- ...with_routes_and_ingress_explain_output.txt | 10 +- .../connlist/ipblockstest_explain_output.txt | 310 ++-- .../k8s_ingress_test_new_explain_output.txt | 650 +++++++ ...ith_different_ports_new_explain_output.txt | 29 + ...le_topology_resources_2_explain_output.txt | 966 +++++++++++ .../netpol_named_port_test_explain_output.txt | 10 +- .../new_online_boutique_explain_output.txt | 1345 +++++++++++++++ .../onlineboutique_explain_output.txt | 646 +++---- 21 files changed, 4497 insertions(+), 1360 deletions(-) create mode 100644 test_outputs/connlist/k8s_ingress_test_new_explain_output.txt create mode 100644 test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt create mode 100644 test_outputs/connlist/multiple_topology_resources_2_explain_output.txt create mode 100644 test_outputs/connlist/new_online_boutique_explain_output.txt diff --git a/pkg/netpol/connlist/connlist.go b/pkg/netpol/connlist/connlist.go index 70b51168..7e5b7d3d 100644 --- a/pkg/netpol/connlist/connlist.go +++ b/pkg/netpol/connlist/connlist.go @@ -384,6 +384,10 @@ func (c *connection) ProtocolsAndPorts() map[v1.Protocol][]common.PortRange { return c.protocolsAndPorts } +func (c *connection) OnlyCommonRules() bool { + return len(c.protocolsAndPorts) == 0 && !c.commonImplyingRules.Empty() +} + func (c *connection) OnlyDefaultRule() bool { return c.allConnections && len(c.protocolsAndPorts) == 0 && c.commonImplyingRules.OnlyDefaultRule() } diff --git a/pkg/netpol/connlist/conns_formatter_txt.go b/pkg/netpol/connlist/conns_formatter_txt.go index 7648689f..ea245412 100644 --- a/pkg/netpol/connlist/conns_formatter_txt.go +++ b/pkg/netpol/connlist/conns_formatter_txt.go @@ -9,6 +9,7 @@ package connlist import ( "fmt" "sort" + "strings" "github.com/np-guard/netpol-analyzer/pkg/netpol/internal/common" ) @@ -37,13 +38,21 @@ func (t *formatText) writeOutput(conns []Peer2PeerConnection, exposureConns []Ex func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConns, explain bool) string { connLines := make([]singleConnFields, 0, len(conns)) defaultConnLines := make([]singleConnFields, 0, len(conns)) + allConnLines := make([]singleConnFields, 0, len(conns)) + noConnLines := make([]singleConnFields, 0, len(conns)) t.ipMaps = createIPMaps(saveIPConns) for i := range conns { p2pConn := formSingleP2PConn(conns[i], explain) if explain { // when running with explanation, we print system default connections at the end - if conns[i].(*connection).OnlyDefaultRule() { - defaultConnLines = append(defaultConnLines, p2pConn) + if conns[i].(*connection).OnlyCommonRules() { + if conns[i].(*connection).OnlyDefaultRule() { + defaultConnLines = append(defaultConnLines, p2pConn) + } else if conns[i].(*connection).AllProtocolsAndPorts() { + allConnLines = append(allConnLines, p2pConn) + } else { + noConnLines = append(noConnLines, p2pConn) + } } else { connLines = append(connLines, p2pConn) } @@ -55,14 +64,18 @@ func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConn t.ipMaps.saveConnsWithIPs(conns[i], explain) } } - sortConnFields(connLines, true) - if explain { - sortConnFields(defaultConnLines, true) - } result := "" if explain { - result = writeExplanationOutput(connLines, defaultConnLines) + sortConnFields(connLines, true) + sortConnFields(defaultConnLines, true) + sortConnFields(allConnLines, true) + sortConnFields(noConnLines, true) + result = writeSingleTypeLinesExplanationOutput(allConnLines, allConnHeader, false) + + writeSingleTypeLinesExplanationOutput(connLines, specificConnHeader, false) + + writeSingleTypeLinesExplanationOutput(noConnLines, noConnHeader, false) + + writeSingleTypeLinesExplanationOutput(defaultConnLines, systemDefaultPairsHeader, true) } else { + sortConnFields(connLines, true) for _, p2pConn := range connLines { result += p2pConn.string() + newLineChar } @@ -70,26 +83,37 @@ func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConn return result } -func writeExplanationOutput(connLines, defaultConnLines []singleConnFields) string { - result := "" - for _, p2pConn := range connLines { - result += nodePairSeparationLine - result += p2pConn.stringWithExplanation() + newLineChar +func writeSingleTypeLinesExplanationOutput(lines []singleConnFields, header string, pairsOnly bool) string { + if len(lines) == 0 { + return "" } - if len(defaultConnLines) > 0 { - result += nodePairSeparationLine + systemDefaultPairsHeader - for _, p2pConn := range defaultConnLines { + result := writeGroupHeader(header) + for _, p2pConn := range lines { + if pairsOnly { result += p2pConn.nodePairString() + newLineChar + } else { + result += nodePairSeparationLine + result += p2pConn.stringWithExplanation() + newLineChar } } return result } +func writeGroupHeader(header string) string { + result := newLineChar + strings.Repeat("#", len(header)+4) + newLineChar + result += "# " + header + " #" + result += newLineChar + strings.Repeat("#", len(header)+4) + newLineChar + return result +} + const ( unprotectedHeader = "\nWorkloads not protected by network policies:\n" separationLine80 = "--------------------------------------------------------------------------------" nodePairSeparationLine = separationLine80 + separationLine80 + common.NewLine - systemDefaultPairsHeader = "The following nodes are connected due to " + common.SystemDefaultRule + ":\n" + systemDefaultPairsHeader = common.AllConnsStr + " due to " + common.SystemDefaultRule + allConnHeader = common.AllConnsStr + " and thier reasons" + noConnHeader = common.NoConnsStr + " and their reasons" + specificConnHeader = "Specific connections and their reasons" ) // writeExposureOutput writes the section of the exposure-analysis result diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index 5e7175d8..faeeefdb 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -78,10 +78,22 @@ var explainTests = []struct { { testDirName: "ipblockstest", }, + { + testDirName: "k8s_ingress_test_new", + }, + { + testDirName: "multiple_ingress_objects_with_different_ports_new", + }, + { + testDirName: "multiple_topology_resources_2", + }, { testDirName: "netpol_named_port_test", }, { testDirName: "onlineboutique", }, + { + testDirName: "new_online_boutique", + }, } diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index 6a65cf63..5658ef42 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -183,11 +183,8 @@ func (rules *ImplyingXgressRulesType) Empty() bool { return len(rules.Rules) == 0 } -func (rules ImplyingRulesType) Empty(isIngress bool) bool { - if isIngress { - return rules.Ingress.Empty() - } - return rules.Egress.Empty() +func (rules ImplyingRulesType) Empty() bool { + return rules.Ingress.Empty() && rules.Egress.Empty() } func (rules *ImplyingXgressRulesType) AddXgressRule(ruleName string, ruleLayer LayerType) { diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index 58b6d340..d584142f 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -276,9 +276,9 @@ func (conn *ConnectionSet) AddConnection(protocol v1.Protocol, ports *PortSet) { // String returns a string representation of the ConnectionSet object func (conn *ConnectionSet) String() string { if conn.AllowAll { - return allConnsStr + return AllConnsStr } else if conn.IsEmpty() { - return noConnsStr + return NoConnsStr } resStrings := []string{} for protocol, ports := range conn.AllowedProtocols { @@ -415,17 +415,17 @@ func (conn *ConnectionSet) IsAllConnections() bool { const ( connsAndPortRangeSeparator = "," - allConnsStr = "All Connections" - noConnsStr = "No Connections" + AllConnsStr = "All Connections" + NoConnsStr = "No Connections" allPortsStr = "ALL PORTS" ) func ConnStrFromConnProperties(allProtocolsAndPorts bool, protocolsAndPorts map[v1.Protocol][]PortRange) string { if allProtocolsAndPorts { - return allConnsStr + return AllConnsStr } if len(protocolsAndPorts) == 0 { - return noConnsStr + return NoConnsStr } var connStr string // connStrings will contain the string of given conns protocols and ports as is @@ -503,9 +503,9 @@ func isWholeRange(ports []PortRange) bool { func ExplanationFromConnProperties(allProtocolsAndPorts bool, commonImplyingRules ImplyingRulesType, protocolsAndPorts map[v1.Protocol][]PortRange) string { if len(protocolsAndPorts) == 0 { - connStr := noConnsStr + connStr := NoConnsStr if allProtocolsAndPorts { - connStr = allConnsStr + connStr = AllConnsStr } return connStr + commonImplyingRules.String() } diff --git a/test_outputs/connlist/acs-security-demos_explain_output.txt b/test_outputs/connlist/acs-security-demos_explain_output.txt index c6fad617..9d9c6009 100644 --- a/test_outputs/connlist/acs-security-demos_explain_output.txt +++ b/test_outputs/connlist/acs-security-demos_explain_output.txt @@ -1,166 +1,7 @@ ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/catalog[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/checkout[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/notification[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/recommendation[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/reports[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/shipping[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/asset-cache[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/webapp[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/gateway[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/mastercard-processor[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/visa-processor[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/catalog[Deployment] => 0.0.0.0-255.255.255.255: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/checkout[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/notification[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/recommendation[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/reports[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/shipping[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) +########################################## +# Specific connections and their reasons # +########################################## ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/asset-cache[Deployment]: @@ -211,48 +52,6 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/gateway[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/mastercard-processor[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/visa-processor[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/checkout[Deployment] => 0.0.0.0-255.255.255.255: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress (captured but not selected by any Egress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/catalog[Deployment]: @@ -555,160 +354,54 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => 0.0.0.0-255.255.255.255: +CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/asset-cache[Deployment]: -No Connections due to the following policies // rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => backend/catalog[Deployment]: + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => backend/checkout[Deployment]: + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -No Connections due to the following policies // rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => backend/recommendation[Deployment]: +CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/webapp[Deployment]: -No Connections due to the following policies // rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => backend/reports[Deployment]: + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => backend/shipping[Deployment]: + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -No Connections due to the following policies // rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/asset-cache[Deployment]: - -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED TCP:[8080] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/webapp[Deployment]: - -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED TCP:[8080] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol // Ingress rule #1 - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => payments/gateway[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => payments/mastercard-processor[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/notification[Deployment] => payments/visa-processor[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/recommendation[Deployment] => 0.0.0.0-255.255.255.255: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/catalog[Deployment]: @@ -1006,15 +699,6 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/reports[Deployment] => 0.0.0.0-255.255.255.255: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/catalog[Deployment]: @@ -1325,70 +1009,6 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/shipping[Deployment] => 0.0.0.0-255.255.255.255: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/catalog[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/checkout[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/notification[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/recommendation[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/reports[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/asset-cache[Deployment]: @@ -1440,222 +1060,72 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/gateway[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/mastercard-processor[Deployment]: +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => frontend/webapp[Deployment]: -No Connections due to the following policies // rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/visa-processor[Deployment]: + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => 0.0.0.0-255.255.255.255: + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -No Connections due to the following policies // rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/catalog[Deployment]: +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/catalog[Deployment]: -No Connections due to the following policies // rules: +DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/checkout[Deployment]: +DENIED UDP:[5353] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #5 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -No Connections due to the following policies // rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/notification[Deployment]: +CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/checkout[Deployment]: -No Connections due to the following policies // rules: +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] backend/checkout-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (ports not referenced by the rule) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/recommendation[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/reports[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/shipping[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => frontend/webapp[Deployment]: - -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED TCP:[8080] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol // Ingress rule #1 - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/gateway[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/mastercard-processor[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/visa-processor[Deployment]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/webapp[Deployment] => 0.0.0.0-255.255.255.255: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/catalog[Deployment]: - -DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - -DENIED UDP:[5353] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol // Egress rule #5 - INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/checkout[Deployment]: - -ALLOWED TCP:[8080] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol // Egress rule #1 - INGRESS DIRECTION (ALLOWED) - 1) [NP] backend/checkout-netpol // Ingress rule #1 - -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #1 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (ports not referenced by the rule) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -1938,15 +1408,6 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/gateway[Deployment] => 0.0.0.0-255.255.255.255: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress (captured but not selected by any Egress rule) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/catalog[Deployment]: @@ -2262,111 +1723,86 @@ DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => 0.0.0.0-255.255.255.255: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/catalog[Deployment]: +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/asset-cache[Deployment]: -No Connections due to the following policies // rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/checkout[Deployment]: + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) - 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/notification[Deployment]: + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 -No Connections due to the following policies // rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/recommendation[Deployment]: +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/webapp[Deployment]: -No Connections due to the following policies // rules: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/reports[Deployment]: + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/shipping[Deployment]: + INGRESS DIRECTION (ALLOWED) + 1) [NP] frontend/webapp-netpol // Ingress rule #1 -No Connections due to the following policies // rules: +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/asset-cache[Deployment]: +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/asset-cache[Deployment]: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/webapp[Deployment]: +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/webapp[Deployment]: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) @@ -2374,224 +1810,796 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Ingress rule #1 DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/gateway[Deployment]: +CONNECTIONS BETWEEN {ingress-controller} => frontend/asset-cache[Deployment]: -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] frontend/asset-cache // service asset-cache-service + 2) [NP] frontend/asset-cache-netpol // Ingress rule #1 ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/visa-processor[Deployment]: +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => 0.0.0.0-255.255.255.255: +CONNECTIONS BETWEEN {ingress-controller} => frontend/webapp[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] frontend/webapp // service webapp-service + 2) [NP] frontend/webapp-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/asset-cache[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => frontend/webapp[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/catalog[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/checkout[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Egress (captured but not selected by any Egress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/notification[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/recommendation[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/reports[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/reports-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN backend/shipping[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/recommendation[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/reports[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => backend/shipping[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/gateway[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/asset-cache-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN frontend/webapp[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] frontend/webapp-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/gateway[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/catalog[Deployment]: +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => 0.0.0.0-255.255.255.255: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/catalog[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/checkout[Deployment]: +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/checkout[Deployment]: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/notification[Deployment]: +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/notification[Deployment]: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/recommendation[Deployment]: +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/recommendation[Deployment]: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/reports[Deployment]: +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/reports[Deployment]: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/shipping[Deployment]: +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => backend/shipping[Deployment]: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/asset-cache[Deployment]: +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/gateway[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED TCP:[8080] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => payments/visa-processor[Deployment]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 + 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/webapp[Deployment]: +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/catalog[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED TCP:[8080] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/checkout[Deployment]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) - INGRESS DIRECTION (ALLOWED) - 1) [NP] frontend/webapp-netpol // Ingress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) + 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/notification[Deployment]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/gateway[Deployment]: +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/recommendation[Deployment]: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/mastercard-processor[Deployment]: +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/reports[Deployment]: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN {ingress-controller} => frontend/asset-cache[Deployment]: - -ALLOWED TCP:[8080] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [Route] frontend/asset-cache // service asset-cache-service - 2) [NP] frontend/asset-cache-netpol // Ingress rule #1 - -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => backend/shipping[Deployment]: -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN {ingress-controller} => frontend/webapp[Deployment]: - -ALLOWED TCP:[8080] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [Route] frontend/webapp // service webapp-service - 2) [NP] frontend/webapp-netpol // Ingress rule #1 +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/gateway[Deployment]: -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN payments/visa-processor[Deployment] => payments/mastercard-processor[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) + 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) + 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) diff --git a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt index 87df27bf..54b62fe7 100644 --- a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt +++ b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt @@ -1,21 +1,29 @@ + +##################################### +# All Connections and thier reasons # +##################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.160-104.154.164.160: +CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.170-104.154.164.170: -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [ANP] egress-peer-1 // Egress rule deny-egress (Deny) +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-peer-1 // Egress rule allow-egress (Allow) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.170-104.154.164.170: +CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns3/pod1[Deployment]: All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [ANP] egress-peer-1 // Egress rule allow-egress (Allow) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +#################################### +# No Connections and their reasons # +#################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns2/pod1[Deployment]: +CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.160-104.154.164.160: No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -23,15 +31,17 @@ No Connections due to the following policies // rules: INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns3/pod1[Deployment]: +CONNECTIONS BETWEEN ns1/pod1[Deployment] => ns2/pod1[Deployment]: -All Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [ANP] egress-peer-1 // Egress rule allow-egress (Allow) +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] egress-peer-1 // Egress rule deny-egress (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => ns1/pod1[Deployment] 0.0.0.0-255.255.255.255 => ns2/pod1[Deployment] 0.0.0.0-255.255.255.255 => ns3/pod1[Deployment] diff --git a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt index f1935169..6d7d7ca0 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_2_explain_output.txt @@ -1,27 +1,7 @@ ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) +########################################## +# Specific connections and their reasons # +########################################## ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => bar/mybar[Pod]: @@ -81,8 +61,38 @@ ALLOWED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: INGRESS DIRECTION (ALLOWED) 1) [NP] foo/allow-monitoring // Ingress rule #1 + +#################################### +# No Connections and their reasons # +#################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN bar/mybar[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN baz/mybaz[Pod] => foo/myfoo[Pod]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] foo/allow-monitoring // Ingress (captured but not selected by any Ingress rule) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => bar/mybar[Pod] 0.0.0.0-255.255.255.255 => baz/mybaz[Pod] 0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] diff --git a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt index 3942f125..7c2ddca9 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt @@ -1,3 +1,28 @@ + +##################################### +# All Connections and thier reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring (Allow) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring (Pass) + 2) [NP] foo/allow-monitoring // Ingress rule #1 + + +#################################### +# No Connections and their reasons # +#################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => foo/myfoo[Pod]: @@ -47,25 +72,10 @@ No Connections due to the following policies // rules: 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring (Pass) 2) [BANP] default // Ingress rule deny-ingress-from-all-namespaces (Deny) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: - -All Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [ANP] allow-monitoring // Ingress rule allow-ingress-from-monitoring (Allow) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => foo/myfoo[Pod]: -All Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [ANP] pass-monitoring // Ingress rule pass-ingress-from-monitoring (Pass) - 2) [NP] foo/allow-monitoring // Ingress rule #1 - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => bar/mybar[Pod] 0.0.0.0-255.255.255.255 => baz/mybaz[Pod] 0.0.0.0-255.255.255.255 => monitoring/mymonitoring[Pod] diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt index a8647ac3..19509233 100644 --- a/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt +++ b/test_outputs/connlist/anp_banp_test_with_named_port_matched_explain_output.txt @@ -1,12 +1,7 @@ ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: - -No Connections due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [ANP] pass-example // Egress rule pass-all-egress-to-slytherin (Pass) - 2) [BANP] default // Egress rule deny-all-egress-to-slytherin (Deny) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) +########################################## +# Specific connections and their reasons # +########################################## ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-slytherin/draco-malfoy[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: @@ -27,8 +22,23 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 1) [ANP] pass-example // Ingress rule pass-all-ingress-from-slytherin (Pass) 2) [BANP] default // Ingress rule deny-all-ingress-from-slytherin (Deny) + +#################################### +# No Connections and their reasons # +#################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): +CONNECTIONS BETWEEN network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [ANP] pass-example // Egress rule pass-all-egress-to-slytherin (Pass) + 2) [BANP] default // Egress rule deny-all-egress-to-slytherin (Deny) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] 0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt index f7dc34e6..4283448e 100644 --- a/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt +++ b/test_outputs/connlist/anp_banp_test_with_named_port_unmatched_explain_output.txt @@ -1,3 +1,7 @@ + +#################################### +# No Connections and their reasons # +#################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-gryffindor/harry-potter[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: @@ -16,8 +20,10 @@ No Connections due to the following policies // rules: 1) [ANP] pass-example // Ingress rule pass-all-ingress-from-slytherin (Pass) 2) [BANP] default // Ingress rule deny-all-ingress-from-slytherin (Deny) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] 0.0.0.0-255.255.255.255 => network-policy-conformance-slytherin/draco-malfoy[StatefulSet] network-policy-conformance-gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_demo_explain_output.txt b/test_outputs/connlist/anp_demo_explain_output.txt index cdbc7952..83f20761 100644 --- a/test_outputs/connlist/anp_demo_explain_output.txt +++ b/test_outputs/connlist/anp_demo_explain_output.txt @@ -1,19 +1,29 @@ + +##################################### +# All Connections and thier reasons # +##################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => gryffindor/harry-potter[StatefulSet]: +CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => gryffindor/harry-potter[StatefulSet]: -No Connections due to the following policies // rules: +All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor // Ingress (captured but not selected by any Ingress rule) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] anp-priority-10 // Ingress rule pass-all-ingress-from-slytherin (Pass) + 2) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor // Ingress rule #1 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => ravenclaw/luna-lovegood[StatefulSet]: +CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: -No Connections due to the following policies // rules: +All Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress (captured but not selected by any Ingress rule) + INGRESS DIRECTION (ALLOWED) + 1) [ANP] ingress-to-hufflepuff // Ingress rule pass-from-slytherin (Pass) + 2) the system default (Allow all) + +########################################## +# Specific connections and their reasons # +########################################## ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: @@ -131,6 +141,44 @@ DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: INGRESS DIRECTION (DENIED) 1) [ANP] gress-rules-gryffindor // Ingress rule deny-from-hufflepuff-everything-else (Deny) +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: + +ALLOWED TCP:[1-79,81-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 + +DENIED TCP:[80] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [ANP] ingress-to-ravenclaw // Ingress rule deny-from-slytherin-at-port-80 (Deny) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 (protocols not referenced by the rule) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => gryffindor/harry-potter[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => ravenclaw/luna-lovegood[StatefulSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress (captured but not selected by any Ingress rule) + ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN hufflepuff/cedric-diggory[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: @@ -180,44 +228,10 @@ No Connections due to the following policies // rules: 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => gryffindor/harry-potter[StatefulSet]: -All Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [ANP] anp-priority-10 // Ingress rule pass-all-ingress-from-slytherin (Pass) - 2) [NP] gryffindor/allow-some-ingress-from-to-slytherin-to-gryffindor // Ingress rule #1 - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => hufflepuff/cedric-diggory[StatefulSet]: - -All Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [ANP] ingress-to-hufflepuff // Ingress rule pass-from-slytherin (Pass) - 2) the system default (Allow all) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => ravenclaw/luna-lovegood[StatefulSet]: - -ALLOWED TCP:[1-79,81-65535] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 - -DENIED TCP:[80] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [ANP] ingress-to-ravenclaw // Ingress rule deny-from-slytherin-at-port-80 (Deny) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => hufflepuff/cedric-diggory[StatefulSet] 0.0.0.0-255.255.255.255 => slytherin/draco-malfoy[StatefulSet] gryffindor/harry-potter[StatefulSet] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/anp_test_10_explain_output.txt b/test_outputs/connlist/anp_test_10_explain_output.txt index f447667a..e55c383f 100644 --- a/test_outputs/connlist/anp_test_10_explain_output.txt +++ b/test_outputs/connlist/anp_test_10_explain_output.txt @@ -1,3 +1,19 @@ + +##################################### +# All Connections and thier reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [ANP] egress-udp // Egress rule allow-to-ravenclaw-everything (Allow) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +########################################## +# Specific connections and their reasons # +########################################## ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-gryffindor/harry-potter[StatefulSet]: @@ -16,14 +32,6 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [ANP] egress-udp // Egress rule deny-to-gryffindor-everything-else (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet]: - -All Connections due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [ANP] egress-udp // Egress rule allow-to-ravenclaw-everything (Allow) - INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-slytherin/draco-malfoy[StatefulSet]: @@ -36,8 +44,10 @@ DENIED UDP:[5353] due to the following policies // rules: 1) [ANP] egress-udp // Egress rule deny-to-slytherin-at-port-5353 (Deny) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => network-policy-conformance-gryffindor/harry-potter[StatefulSet] 0.0.0.0-255.255.255.255 => network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] 0.0.0.0-255.255.255.255 => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet] diff --git a/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt b/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt index f38b65a3..bc2fc748 100644 --- a/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt +++ b/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt @@ -1,3 +1,7 @@ + +########################################## +# Specific connections and their reasons # +########################################## ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => helloworld/hello-world[Deployment]: @@ -37,8 +41,10 @@ DENIED TCP:[1-8059,8061-65535] the system default (Allow all) DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => helloworld/hello-world[Deployment] 0.0.0.0-255.255.255.255 => ingressworld/ingress-world[Deployment] 0.0.0.0-255.255.255.255 => routeworld/route-world[Deployment] diff --git a/test_outputs/connlist/ipblockstest_explain_output.txt b/test_outputs/connlist/ipblockstest_explain_output.txt index b83a8163..ef5736cb 100644 --- a/test_outputs/connlist/ipblockstest_explain_output.txt +++ b/test_outputs/connlist/ipblockstest_explain_output.txt @@ -1,3 +1,7 @@ + +########################################## +# Specific connections and their reasons # +########################################## ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/calico-node-tier[DaemonSet]: @@ -125,63 +129,61 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/calico-node-tier[DaemonSet]: +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/calico-node-tier[DaemonSet]: -No Connections due to the following policies // rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 -No Connections due to the following policies // rules: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -No Connections due to the following policies // rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -No Connections due to the following policies // rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/calico-node-tier[DaemonSet]: +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -199,7 +201,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -217,7 +219,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -235,7 +237,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: +CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -253,7 +255,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/calico-node-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -271,7 +273,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -289,7 +291,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -307,63 +309,79 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/calico-node-tier[DaemonSet]: +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -No Connections due to the following policies // rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -No Connections due to the following policies // rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -No Connections due to the following policies // rules: +ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: +DENIED UDP:[1-52,54-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) -No Connections due to the following policies // rules: +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: +CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -No Connections due to the following policies // rules: +ALLOWED UDP:[53] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 + +DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/calico-node-tier[DaemonSet]: +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/calico-node-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -381,7 +399,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -399,7 +417,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -417,7 +435,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -435,7 +453,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -453,7 +471,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -471,7 +489,7 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: +CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: ALLOWED UDP:[53] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -488,8 +506,12 @@ DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + +#################################### +# No Connections and their reasons # +#################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/calico-node-tier[DaemonSet]: +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/calico-node-tier[DaemonSet]: No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -497,7 +519,7 @@ No Connections due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -505,7 +527,7 @@ No Connections due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -513,7 +535,7 @@ No Connections due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -521,7 +543,7 @@ No Connections due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -529,7 +551,7 @@ No Connections due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -537,7 +559,7 @@ No Connections due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: +CONNECTIONS BETWEEN 10.0.0.0-10.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) @@ -545,130 +567,116 @@ No Connections due to the following policies // rules: 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/calico-node-tier[DaemonSet]: - -ALLOWED UDP:[53] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/calico-node-tier[DaemonSet]: -DENIED UDP:[1-52,54-65535] due to the following policies // rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: - -ALLOWED UDP:[53] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: -DENIED UDP:[1-52,54-65535] due to the following policies // rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: - -ALLOWED UDP:[53] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: -DENIED UDP:[1-52,54-65535] due to the following policies // rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: - -ALLOWED UDP:[53] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 +CONNECTIONS BETWEEN 172.21.0.0-172.21.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: -DENIED UDP:[1-52,54-65535] due to the following policies // rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/calico-node-tier[DaemonSet]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: - -ALLOWED UDP:[53] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: -DENIED UDP:[1-52,54-65535] due to the following policies // rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: - -ALLOWED UDP:[53] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: -DENIED UDP:[1-52,54-65535] due to the following policies // rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: - -ALLOWED UDP:[53] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) - INGRESS DIRECTION (ALLOWED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: -DENIED UDP:[1-52,54-65535] due to the following policies // rules: +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) -DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 172.30.0.0-172.30.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cognetive-agents-agent[DaemonSet] => kube-system/calico-node-tier[DaemonSet]: @@ -1846,8 +1854,10 @@ No Connections due to the following policies // rules: INGRESS DIRECTION (DENIED) 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress (captured but not selected by any Ingress rule) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-9.255.255.255 => default/cognetive-agents-agent[DaemonSet] 0.0.0.0-9.255.255.255 => default/cognetive-agents-analyzer[DaemonSet] 0.0.0.0-9.255.255.255 => default/cognetive-agents[DaemonSet] diff --git a/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt b/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt new file mode 100644 index 00000000..f803c132 --- /dev/null +++ b/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt @@ -0,0 +1,650 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productpage-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/ratings-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productpage-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/ratings-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productpage-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/reviews-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/ratings-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/details-v1-79f774bdb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/details-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => default/details-v1-79f774bdb9[ReplicaSet]: + +ALLOWED TCP:[9080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] default/ingress-policy // service details + 2) [NP] default/details-netpol // Ingress rule #1 + +DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => default/unicorn[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] default/ingress-policy // service unicorn + 2) the system default (Allow all) + +DENIED TCP:[1-8079,8081-65535] the system default (Allow all) + +DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/details-v1-79f774bdb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productpage-v1-6b746f74dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/ratings-v1-b6994bb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/details-v1-79f774bdb9[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/details-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productpage-v1-6b746f74dc[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/unicorn[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/productpage-v1-6b746f74dc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productpage-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/ratings-v1-b6994bb9[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/ratings-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/reviews-v1-545db77b95[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/reviews-v2-7bf8c9648f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/unicorn[Deployment] => default/reviews-v3-84779c7bbc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/reviews-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => default/unicorn[Deployment] +default/unicorn[Deployment] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt b/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt new file mode 100644 index 00000000..2bf90523 --- /dev/null +++ b/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt @@ -0,0 +1,29 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => ingressworld/ingress-world-multiple-ports[Deployment]: + +ALLOWED TCP:[8000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] ingressworld/route-1 // service ingress-world + 2) the system default (Allow all) + +ALLOWED TCP:[8090] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] ingressworld/ingress-1 // service ingress-world + 2) the system default (Allow all) + +DENIED TCP:[1-7999,8001-8089,8091-65535] the system default (Allow all) + +DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => ingressworld/ingress-world-multiple-ports[Deployment] +ingressworld/ingress-world-multiple-ports[Deployment] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt b/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt new file mode 100644 index 00000000..a56547bc --- /dev/null +++ b/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt @@ -0,0 +1,966 @@ + +##################################### +# All Connections and thier reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] demo/query-to-ui // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-bank-ui[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +ALLOWED TCP:[8080,9090] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] demo/ui-to-command // Ingress rule #1 + +ALLOWED UDP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] demo/ui-to-command // Ingress rule #1 + +DENIED TCP:[1-8079,8081-9089,9091-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress rule #1 (ports not referenced by the rule) + +DENIED UDP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress rule #1 (protocols not referenced by the rule) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cog-agents-analyzer[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cog-agents[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => default/cog-agents-analyzer[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => default/cog-agents[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/calico-node-frontend[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/calico-node[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/keepalived-watcher[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/kube-fluentd[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => vendor-system/barbar-app[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => vendor-system/foofoo-app[ReplicaSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] demo/query-to-ui // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node-frontend[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/calico-node[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/heapster-7df8cb8c66[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/keepalived-watcher-not-frontend[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/keepalived-watcher[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/kube-fluentd-frontend[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/kube-fluentd[DaemonSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN kube-system/vpn-858f6d9777[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN vendor-system/barbar-app[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN vendor-system/foofoo-app[ReplicaSet] => demo/cog-agents-account-command[DaemonSet]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] demo/ui-to-command // Ingress (captured but not selected by any Ingress rule) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => default/cog-agents-analyzer[DaemonSet] +0.0.0.0-255.255.255.255 => default/cog-agents[DaemonSet] +0.0.0.0-255.255.255.255 => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +0.0.0.0-255.255.255.255 => demo/cog-agents-account-query[DaemonSet] +0.0.0.0-255.255.255.255 => demo/cog-agents-bank-ui[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/calico-node-frontend[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/calico-node[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/heapster-7df8cb8c66[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/keepalived-watcher-not-frontend[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/keepalived-watcher[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/kube-fluentd-frontend[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/kube-fluentd[DaemonSet] +0.0.0.0-255.255.255.255 => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +0.0.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet] +0.0.0.0-255.255.255.255 => vendor-system/barbar-app[ReplicaSet] +0.0.0.0-255.255.255.255 => vendor-system/foofoo-app[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cog-agents-analyzer[DaemonSet] => default/cog-agents[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +default/cog-agents-analyzer[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +default/cog-agents[DaemonSet] => 0.0.0.0-255.255.255.255 +default/cog-agents[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +default/cog-agents[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +default/cog-agents[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +default/cog-agents[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/calico-node[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +default/cog-agents[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +default/cog-agents[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +default/cog-agents[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +default/cog-agents[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => 0.0.0.0-255.255.255.255 +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => default/cog-agents[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/calico-node[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +default/cog-local-analyzer-7d77fb55cc[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => 0.0.0.0-255.255.255.255 +demo/cog-agents-account-command[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => default/cog-agents[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/calico-node[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +demo/cog-agents-account-command[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => 0.0.0.0-255.255.255.255 +demo/cog-agents-bank-ui[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => default/cog-agents[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/calico-node[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +demo/cog-agents-bank-ui[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/calico-node-frontend[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/calico-node-frontend[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/calico-node[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/calico-node[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/calico-node[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/calico-node[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/calico-node[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/calico-node[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/calico-node[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/calico-node[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/calico-node[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/file-plugin-7bfb8b69bf[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/heapster-7df8cb8c66[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/keepalived-watcher-not-frontend[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/keepalived-watcher-not-frontend[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/keepalived-watcher[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/keepalived-watcher[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/kube-fluentd-frontend[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/kube-fluentd-frontend[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => 0.0.0.0-255.255.255.255 +kube-system/kube-fluentd[DaemonSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => default/cog-agents[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/calico-node[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/kube-fluentd[DaemonSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/storage-watcher-8494b4b8bb[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/tiller-deploy-5c45c9966b[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => 0.0.0.0-255.255.255.255 +kube-system/vpn-858f6d9777[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cog-agents[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/calico-node[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] +kube-system/vpn-858f6d9777[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => 0.0.0.0-255.255.255.255 +vendor-system/barbar-app[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => default/cog-agents[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/calico-node[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +vendor-system/barbar-app[ReplicaSet] => vendor-system/foofoo-app[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => 0.0.0.0-255.255.255.255 +vendor-system/foofoo-app[ReplicaSet] => default/cog-agents-analyzer[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => default/cog-agents[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => default/cog-local-analyzer-7d77fb55cc[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => demo/cog-agents-account-query[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => demo/cog-agents-bank-ui[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/calico-kube-controllers-7694668c77[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-amd64-d66bf76db[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/kube-dns-autoscaler-78f5fdbd46[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/kubernetes-dashboard-5b5f985bcf[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system-dummy-to-ignore/public-cre08b89c167414305a1afb205d0bd346f-alb1-8489b8458f[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/calico-node-frontend[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/calico-node[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/file-plugin-7bfb8b69bf[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/heapster-7df8cb8c66[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/keepalived-watcher-not-frontend[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/keepalived-watcher[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/kube-fluentd-frontend[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/kube-fluentd[DaemonSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/storage-watcher-8494b4b8bb[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/tiller-deploy-5c45c9966b[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => kube-system/vpn-858f6d9777[ReplicaSet] +vendor-system/foofoo-app[ReplicaSet] => vendor-system/barbar-app[ReplicaSet] diff --git a/test_outputs/connlist/netpol_named_port_test_explain_output.txt b/test_outputs/connlist/netpol_named_port_test_explain_output.txt index 6cef8fe0..f1c4f281 100644 --- a/test_outputs/connlist/netpol_named_port_test_explain_output.txt +++ b/test_outputs/connlist/netpol_named_port_test_explain_output.txt @@ -1,3 +1,7 @@ + +#################################### +# No Connections and their reasons # +#################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => helloworld/pod-a[Deployment]: @@ -30,7 +34,9 @@ No Connections due to the following policies // rules: 1) [NP] helloworld/enable-ingress-from-named-port // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => helloworld/new-pod[Deployment] helloworld/new-pod[Deployment] => 0.0.0.0-255.255.255.255 diff --git a/test_outputs/connlist/new_online_boutique_explain_output.txt b/test_outputs/connlist/new_online_boutique_explain_output.txt new file mode 100644 index 00000000..a6cdf002 --- /dev/null +++ b/test_outputs/connlist/new_online_boutique_explain_output.txt @@ -0,0 +1,1345 @@ + +##################################### +# All Connections and thier reasons # +##################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => 0.0.0.0-255.255.255.255: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/loadgenerator[Deployment]: + +All Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/cartservice[Deployment]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Ingress rule #1 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/currencyservice[Deployment]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Ingress rule #1 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/emailservice[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/paymentservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/shippingservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/adservice[Deployment]: + +ALLOWED TCP:[9555] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Ingress rule #1 + +DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/cartservice[Deployment]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Ingress rule #1 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/checkoutservice[Deployment]: + +ALLOWED TCP:[5050] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Ingress rule #1 + +DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/currencyservice[Deployment]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Ingress rule #1 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/recommendationservice[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/shippingservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/frontend[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced by the rule) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-auth // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-auth // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice // Egress rule #1 + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice // Ingress (captured but not selected by any Ingress rule) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => default/loadgenerator[Deployment] diff --git a/test_outputs/connlist/onlineboutique_explain_output.txt b/test_outputs/connlist/onlineboutique_explain_output.txt index b15ebd3e..418de48b 100644 --- a/test_outputs/connlist/onlineboutique_explain_output.txt +++ b/test_outputs/connlist/onlineboutique_explain_output.txt @@ -1,3 +1,326 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: + +ALLOWED TCP:[9555] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-netpol // Ingress rule #1 + +DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: + +ALLOWED TCP:[5050] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 + +DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #7 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced by the rule) + + +#################################### +# No Connections and their reasons # +#################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/adservice-77d5cd745d[ReplicaSet]: @@ -313,70 +636,7 @@ No Connections due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: - -ALLOWED TCP:[7070] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol // Egress rule #1 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/cartservice-netpol // Ingress rule #1 - -DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: - -ALLOWED TCP:[7000] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol // Egress rule #2 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/currencyservice-netpol // Ingress rule #1 - -DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: - -ALLOWED TCP:[8080] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol // Egress rule #3 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/emailservice-netpol // Ingress rule #1 - -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: @@ -396,48 +656,6 @@ No Connections due to the following policies // rules: INGRESS DIRECTION (DENIED) 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: - -ALLOWED TCP:[50051] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol // Egress rule #4 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/paymentservice-netpol // Ingress rule #1 - -DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: - -ALLOWED TCP:[3550] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol // Egress rule #5 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 - -DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced by the rule) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: @@ -455,27 +673,6 @@ No Connections due to the following policies // rules: 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: - -ALLOWED TCP:[50051] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol // Egress rule #6 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/shippingservice-netpol // Ingress rule #1 - -DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced by the rule) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice-77654bbbdd[ReplicaSet] => 0.0.0.0-255.255.255.255: @@ -696,90 +893,6 @@ No Connections due to the following policies // rules: 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: - -ALLOWED TCP:[9555] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol // Egress rule #1 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/adservice-netpol // Ingress rule #1 - -DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: - -ALLOWED TCP:[7070] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol // Egress rule #2 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/cartservice-netpol // Ingress rule #2 - -DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: - -ALLOWED TCP:[5050] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol // Egress rule #3 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/checkoutservice-netpol // Ingress rule #1 - -DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: - -ALLOWED TCP:[7000] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol // Egress rule #4 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/currencyservice-netpol // Ingress rule #2 - -DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced by the rule) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: @@ -807,48 +920,6 @@ No Connections due to the following policies // rules: INGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: - -ALLOWED TCP:[3550] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol // Egress rule #5 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 - -DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced by the rule) - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: - -ALLOWED TCP:[8080] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol // Egress rule #6 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/recommendationservice-netpol // Ingress rule #1 - -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced by the rule) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: @@ -857,27 +928,6 @@ No Connections due to the following policies // rules: 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: - -ALLOWED TCP:[50051] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol // Egress rule #7 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/shippingservice-netpol // Ingress rule #2 - -DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced by the rule) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => 0.0.0.0-255.255.255.255: @@ -931,27 +981,6 @@ No Connections due to the following policies // rules: INGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: - -ALLOWED TCP:[8080] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/loadgenerator-netpol // Egress rule #1 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/frontend-netpol // Ingress rule #1 - -DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: @@ -1288,27 +1317,6 @@ No Connections due to the following policies // rules: INGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: - -ALLOWED TCP:[3550] due to the following policies // rules: - EGRESS DIRECTION (ALLOWED) - 1) [NP] default/recommendationservice-netpol // Egress rule #1 - INGRESS DIRECTION (ALLOWED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 - -DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced by the rule) - -DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: - EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced by the rule) - INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced by the rule) - ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/redis-cart-78746d49dc[ReplicaSet]: @@ -1520,7 +1528,9 @@ No Connections due to the following policies // rules: 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -The following nodes are connected due to the system default (Allow all): + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### 0.0.0.0-255.255.255.255 => default/redis-cart-78746d49dc[ReplicaSet] default/redis-cart-78746d49dc[ReplicaSet] => 0.0.0.0-255.255.255.255 From 305705730dac0536b577a3317043668bdff0f71c Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 27 Jan 2025 10:23:06 +0200 Subject: [PATCH 26/28] Make linter happy. --- pkg/netpol/connlist/conns_formatter_txt.go | 32 +++++++++---------- ...networks_and_nodes_test_explain_output.txt | 2 +- .../anp_banp_blog_demo_explain_output.txt | 2 +- .../connlist/anp_demo_explain_output.txt | 2 +- .../connlist/anp_test_10_explain_output.txt | 2 +- ...le_topology_resources_2_explain_output.txt | 2 +- .../new_online_boutique_explain_output.txt | 2 +- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/pkg/netpol/connlist/conns_formatter_txt.go b/pkg/netpol/connlist/conns_formatter_txt.go index ea245412..6e776570 100644 --- a/pkg/netpol/connlist/conns_formatter_txt.go +++ b/pkg/netpol/connlist/conns_formatter_txt.go @@ -43,18 +43,15 @@ func (t *formatText) writeConnlistOutput(conns []Peer2PeerConnection, saveIPConn t.ipMaps = createIPMaps(saveIPConns) for i := range conns { p2pConn := formSingleP2PConn(conns[i], explain) - if explain { - // when running with explanation, we print system default connections at the end - if conns[i].(*connection).OnlyCommonRules() { - if conns[i].(*connection).OnlyDefaultRule() { - defaultConnLines = append(defaultConnLines, p2pConn) - } else if conns[i].(*connection).AllProtocolsAndPorts() { - allConnLines = append(allConnLines, p2pConn) - } else { - noConnLines = append(noConnLines, p2pConn) - } - } else { - connLines = append(connLines, p2pConn) + if explain && conns[i].(*connection).OnlyCommonRules() { + // when running with explanation, we print all/no connections grouped together + switch { + case conns[i].(*connection).OnlyDefaultRule(): + defaultConnLines = append(defaultConnLines, p2pConn) + case conns[i].(*connection).AllProtocolsAndPorts(): + allConnLines = append(allConnLines, p2pConn) + default: + noConnLines = append(noConnLines, p2pConn) } } else { connLines = append(connLines, p2pConn) @@ -99,10 +96,13 @@ func writeSingleTypeLinesExplanationOutput(lines []singleConnFields, header stri return result } +const headerSep = "#" + func writeGroupHeader(header string) string { - result := newLineChar + strings.Repeat("#", len(header)+4) + newLineChar - result += "# " + header + " #" - result += newLineChar + strings.Repeat("#", len(header)+4) + newLineChar + headerLine := headerSep + common.SpaceSeparator + header + common.SpaceSeparator + headerSep + result := newLineChar + strings.Repeat(headerSep, len(headerLine)) + newLineChar + result += headerLine + result += newLineChar + strings.Repeat(headerSep, len(headerLine)) + newLineChar return result } @@ -111,7 +111,7 @@ const ( separationLine80 = "--------------------------------------------------------------------------------" nodePairSeparationLine = separationLine80 + separationLine80 + common.NewLine systemDefaultPairsHeader = common.AllConnsStr + " due to " + common.SystemDefaultRule - allConnHeader = common.AllConnsStr + " and thier reasons" + allConnHeader = common.AllConnsStr + " and their reasons" noConnHeader = common.NoConnsStr + " and their reasons" specificConnHeader = "Specific connections and their reasons" ) diff --git a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt index 54b62fe7..20571812 100644 --- a/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt +++ b/test_outputs/connlist/anp_and_banp_using_networks_and_nodes_test_explain_output.txt @@ -1,6 +1,6 @@ ##################################### -# All Connections and thier reasons # +# All Connections and their reasons # ##################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN ns1/pod1[Deployment] => 104.154.164.170-104.154.164.170: diff --git a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt index 7c2ddca9..56812775 100644 --- a/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt +++ b/test_outputs/connlist/anp_banp_blog_demo_explain_output.txt @@ -1,6 +1,6 @@ ##################################### -# All Connections and thier reasons # +# All Connections and their reasons # ##################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN monitoring/mymonitoring[Pod] => baz/mybaz[Pod]: diff --git a/test_outputs/connlist/anp_demo_explain_output.txt b/test_outputs/connlist/anp_demo_explain_output.txt index 83f20761..19fa5996 100644 --- a/test_outputs/connlist/anp_demo_explain_output.txt +++ b/test_outputs/connlist/anp_demo_explain_output.txt @@ -1,6 +1,6 @@ ##################################### -# All Connections and thier reasons # +# All Connections and their reasons # ##################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN slytherin/draco-malfoy[StatefulSet] => gryffindor/harry-potter[StatefulSet]: diff --git a/test_outputs/connlist/anp_test_10_explain_output.txt b/test_outputs/connlist/anp_test_10_explain_output.txt index e55c383f..d6a4ea92 100644 --- a/test_outputs/connlist/anp_test_10_explain_output.txt +++ b/test_outputs/connlist/anp_test_10_explain_output.txt @@ -1,6 +1,6 @@ ##################################### -# All Connections and thier reasons # +# All Connections and their reasons # ##################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN network-policy-conformance-hufflepuff/cedric-diggory[StatefulSet] => network-policy-conformance-ravenclaw/luna-lovegood[StatefulSet]: diff --git a/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt b/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt index a56547bc..2b696497 100644 --- a/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt +++ b/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt @@ -1,6 +1,6 @@ ##################################### -# All Connections and thier reasons # +# All Connections and their reasons # ##################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN demo/cog-agents-account-query[DaemonSet] => demo/cog-agents-bank-ui[DaemonSet]: diff --git a/test_outputs/connlist/new_online_boutique_explain_output.txt b/test_outputs/connlist/new_online_boutique_explain_output.txt index a6cdf002..7309efa9 100644 --- a/test_outputs/connlist/new_online_boutique_explain_output.txt +++ b/test_outputs/connlist/new_online_boutique_explain_output.txt @@ -1,6 +1,6 @@ ##################################### -# All Connections and thier reasons # +# All Connections and their reasons # ##################################### ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/adservice[Deployment] => 0.0.0.0-255.255.255.255: From 78bf5feae64e86e557697a3ca43cfa263ccb4238 Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 27 Jan 2025 12:15:03 +0200 Subject: [PATCH 27/28] Added more tests. --- pkg/netpol/connlist/explanation_test.go | 8 +- ..._workloads_with_ingress_explain_output.txt | 1673 +++++++++++++++++ 2 files changed, 1680 insertions(+), 1 deletion(-) create mode 100644 test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index faeeefdb..4348bae3 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -90,10 +90,16 @@ var explainTests = []struct { { testDirName: "netpol_named_port_test", }, + { + testDirName: "new_online_boutique", + }, { testDirName: "onlineboutique", }, { - testDirName: "new_online_boutique", + testDirName: "onlineboutique_workloads_with_ingress", }, + // { + // testDirName: "route_example_with_target_port", + // }, } diff --git a/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt b/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt new file mode 100644 index 00000000..b9500f4e --- /dev/null +++ b/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt @@ -0,0 +1,1673 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/cartservice[Deployment]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/currencyservice[Deployment]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/emailservice[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/paymentservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/shippingservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/adservice[Deployment]: + +ALLOWED TCP:[9555] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/adservice-netpol // Ingress rule #1 + +DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/cartservice[Deployment]: + +ALLOWED TCP:[7070] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #2 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 + +DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/checkoutservice[Deployment]: + +ALLOWED TCP:[5050] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #3 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 + +DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/currencyservice[Deployment]: + +ALLOWED TCP:[7000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #4 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 + +DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #5 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/recommendationservice[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #6 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/shippingservice[Deployment]: + +ALLOWED TCP:[50051] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Egress rule #7 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 + +DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/frontend[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/productcatalogservice[Deployment]: + +ALLOWED TCP:[3550] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 + +DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced by the rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/frontend[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/frontend[Deployment]: + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) + 1) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => default/frontend[Deployment]: + +ALLOWED TCP:[8080] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Ingress] default/onlineboutique-ingress // service frontend-external + 2) [NP] default/frontend-netpol // Ingress rule #1 + +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + + +#################################### +# No Connections and their reasons # +#################################### +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/frontend[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN 0.0.0.0-255.255.255.255 => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/adservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/cartservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/emailservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/frontend[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/frontend-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/shippingservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => 0.0.0.0-255.255.255.255: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/adservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/adservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/cartservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/cartservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/checkoutservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/checkoutservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/currencyservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/currencyservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/emailservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/emailservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/loadgenerator[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/loadgenerator-netpol // Ingress (captured but not selected by any Ingress rule - no rules defined) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/paymentservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/paymentservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/productcatalogservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/productcatalogservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/recommendationservice[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (DENIED) + 1) [NP] default/recommendationservice-netpol // Ingress (captured but not selected by any Ingress rule) + +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/redis-cart[Deployment]: + +No Connections due to the following policies // rules: + EGRESS DIRECTION (DENIED) + 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) + INGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => default/redis-cart[Deployment] +default/redis-cart[Deployment] => 0.0.0.0-255.255.255.255 From ac7f587a75cbc314c8a95cd68775d6e1f9c0f12a Mon Sep 17 00:00:00 2001 From: Tanya Veksler Date: Mon, 27 Jan 2025 18:16:38 +0200 Subject: [PATCH 28/28] Fixed explanation handling for ingress controller. --- pkg/netpol/connlist/connlist.go | 2 + pkg/netpol/connlist/explanation_test.go | 6 +- .../ingressanalyzer/ingress_analyzer.go | 7 +- pkg/netpol/eval/internal/k8s/netpol.go | 18 +- .../internal/common/augmented_intervalset.go | 27 +- pkg/netpol/internal/common/connectionset.go | 19 + pkg/netpol/internal/common/portset.go | 4 + .../acs-security-demos_explain_output.txt | 488 +++++++++--------- .../connlist/anp_demo_explain_output.txt | 6 +- ...with_routes_and_ingress_explain_output.txt | 33 +- .../connlist/ipblockstest_explain_output.txt | 112 ++-- .../k8s_ingress_test_new_explain_output.txt | 89 ++-- ...ith_different_ports_new_explain_output.txt | 12 +- ...le_topology_resources_2_explain_output.txt | 6 +- .../new_online_boutique_explain_output.txt | 60 +-- .../onlineboutique_explain_output.txt | 120 ++--- ..._workloads_with_ingress_explain_output.txt | 166 +++--- ...xample_with_target_port_explain_output.txt | 33 ++ 18 files changed, 653 insertions(+), 555 deletions(-) create mode 100644 test_outputs/connlist/route_example_with_target_port_explain_output.txt diff --git a/pkg/netpol/connlist/connlist.go b/pkg/netpol/connlist/connlist.go index 7e5b7d3d..bfb415ee 100644 --- a/pkg/netpol/connlist/connlist.go +++ b/pkg/netpol/connlist/connlist.go @@ -672,7 +672,9 @@ func (ca *ConnlistAnalyzer) getIngressAllowedConnections(ia *ingressanalyzer.Ing if err != nil { return nil, err } + peConn.RemoveDefaultRule(true) peerAndConn.ConnSet.Intersection(peConn) + peerAndConn.ConnSet.SetExplResult(true) if peerAndConn.ConnSet.IsEmpty() { ca.warnBlockedIngress(peerStr, peerAndConn.IngressObjects) continue diff --git a/pkg/netpol/connlist/explanation_test.go b/pkg/netpol/connlist/explanation_test.go index 4348bae3..b39386c5 100644 --- a/pkg/netpol/connlist/explanation_test.go +++ b/pkg/netpol/connlist/explanation_test.go @@ -99,7 +99,7 @@ var explainTests = []struct { { testDirName: "onlineboutique_workloads_with_ingress", }, - // { - // testDirName: "route_example_with_target_port", - // }, + { + testDirName: "route_example_with_target_port", + }, } diff --git a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go index 97afb6dc..b6d6835a 100644 --- a/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go +++ b/pkg/netpol/connlist/internal/ingressanalyzer/ingress_analyzer.go @@ -359,7 +359,8 @@ func (ia *IngressAnalyzer) getIngressPeerConnection(peer eval.Peer, actualServic // (if the required port is not specified, all service ports are allowed) peerPortsToFind := getPeerAccessPort(actualServicePorts, requiredPort) // compute the connection to the peer with the required port/s - res := common.MakeConnectionSet(false) + // all protocols are affected by Ingress (though only TCP may be specified; the rest are not allowed by Ingress) + res := common.MakeConnectionSetWithRule(false, common.ExplNotReferencedProtocols(ruleName), common.NPLayer, true) for _, peerPortToFind := range peerPortsToFind { portNum := peerPortToFind.IntValue() if peerPortToFind.StrVal != "" { // if the port we are searching for is namedPort @@ -375,7 +376,9 @@ func (ia *IngressAnalyzer) getIngressPeerConnection(peer eval.Peer, actualServic } if peerTCPConn.Contains(strconv.Itoa(portNum), string(corev1.ProtocolTCP)) { - permittedPort := common.MakePortSet(false) + // the whole port range is affected by Ingress (not only ports mentioned by Ingress/Route resource) + permittedPort := common.MakeEmptyPortSetWithImplyingRules( + common.MakeImplyingRulesWithRule(common.ExplNotReferencedPorts(ruleName), common.NPLayer, true)) permittedPort.AddPort(intstr.FromInt(portNum), common.MakeImplyingRulesWithRule(ruleName, common.NPLayer, true)) res.AddConnection(corev1.ProtocolTCP, permittedPort) } diff --git a/pkg/netpol/eval/internal/k8s/netpol.go b/pkg/netpol/eval/internal/k8s/netpol.go index de389a34..7f332e56 100644 --- a/pkg/netpol/eval/internal/k8s/netpol.go +++ b/pkg/netpol/eval/internal/k8s/netpol.go @@ -161,7 +161,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds } ruleName := np.ruleName(ruleIdx, isIngress) // all protocols are affected by the rule - res := common.MakeConnectionSetWithRule(false, explNotReferencedProtocols(ruleName), common.NPLayer, isIngress) + res := common.MakeConnectionSetWithRule(false, common.ExplNotReferencedProtocols(ruleName), common.NPLayer, isIngress) for i := range rulePorts { protocol := v1.ProtocolTCP if rulePorts[i].Protocol != nil { @@ -169,7 +169,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds } // the whole port range is affected by the rule (not only ports mentioned in the rule) ports := common.MakeEmptyPortSetWithImplyingRules( - common.MakeImplyingRulesWithRule(explNotReferencedPorts(ruleName), common.NPLayer, isIngress)) + common.MakeImplyingRulesWithRule(common.ExplNotReferencedPorts(ruleName), common.NPLayer, isIngress)) if rulePorts[i].Port == nil { ports = common.MakeAllPortSetWithImplyingRules(common.MakeImplyingRulesWithRule(ruleName, common.NPLayer, isIngress)) } else { @@ -213,7 +213,7 @@ func (np *NetworkPolicy) ruleConnections(rulePorts []netv1.NetworkPolicyPort, ds if res.IsEmpty() { // no connections found --> "named ports" of the rule had no match in the pod config // remove empty protocols if any - res = common.MakeConnectionSetWithRule(false, explNoMatchOfNamedPortsToDst(ruleName), common.NPLayer, isIngress) + res = common.MakeConnectionSetWithRule(false, common.ExplNoMatchOfNamedPortsToDst(ruleName), common.NPLayer, isIngress) } return res, nil } @@ -421,18 +421,6 @@ func (np *NetworkPolicy) nameWithDirectionAndExpl(isIngress bool, expl string) s return fmt.Sprintf("%s // %s "+expl, np.FullName(), xgress, xgress) } -func explNoMatchOfNamedPortsToDst(ruleName string) string { - return fmt.Sprintf("%s (named ports of the rule have no match in the configuration of the dst peer)", ruleName) -} - -func explNotReferencedPorts(ruleName string) string { - return fmt.Sprintf("%s (ports not referenced by the rule)", ruleName) -} - -func explNotReferencedProtocols(ruleName string) string { - return fmt.Sprintf("%s (protocols not referenced by the rule)", ruleName) -} - // GetXgressAllowedConns returns the set of allowed connections to a captured dst pod from the src peer (for Ingress) // or from any captured pod to the dst peer (for Egress) func (np *NetworkPolicy) GetXgressAllowedConns(src, dst Peer, isIngress bool) (*common.ConnectionSet, error) { diff --git a/pkg/netpol/internal/common/augmented_intervalset.go b/pkg/netpol/internal/common/augmented_intervalset.go index 5658ef42..fa24cb5c 100644 --- a/pkg/netpol/internal/common/augmented_intervalset.go +++ b/pkg/netpol/internal/common/augmented_intervalset.go @@ -118,6 +118,12 @@ func (rules *ImplyingXgressRulesType) onlyDefaultRule() bool { return len(rules.Rules) == 1 && rules.DominantLayer == DefaultLayer } +func (rules *ImplyingXgressRulesType) removeDefaultRule() { + if rules.onlyDefaultRule() { + *rules = InitImplyingXgressRules() + } +} + func formattedExpl(expl string) string { return "(" + expl + ")" } @@ -162,6 +168,14 @@ func (rules *ImplyingRulesType) OnlyDefaultRule() bool { return rules.Ingress.onlyDefaultRule() && rules.Egress.onlyDefaultRule() } +func (rules *ImplyingRulesType) RemoveDefaultRule(isIngress bool) { + if isIngress { + rules.Ingress.removeDefaultRule() + } else { + rules.Egress.removeDefaultRule() + } +} + func (rules ImplyingRulesType) String() string { if rules.OnlyDefaultRule() { return SpaceSeparator + SystemDefaultRule + NewLine @@ -205,9 +219,6 @@ func (rules *ImplyingRulesType) AddRule(ruleName string, ruleLayer LayerType, is } func (rules *ImplyingXgressRulesType) SetXgressResult(isAllowed bool) { - if rules.Result != NoResult { - log.Panic(errConflictingExplResult) - } if isAllowed { rules.Result = AllowResult } else { @@ -376,6 +387,12 @@ func NewAugmentedCanonicalSetWithRules(minValue, maxValue int64, isAll bool, rul } } +func (c *AugmentedCanonicalSet) RemoveDefaultRule(isIngress bool) { + for ind := range c.intervalSet { + c.intervalSet[ind].implyingRules.RemoveDefaultRule(isIngress) + } +} + func (c *AugmentedCanonicalSet) Intervals() []AugmentedInterval { return slices.Clone(c.intervalSet) } @@ -671,12 +688,12 @@ func (c *AugmentedCanonicalSet) Intersect(other *AugmentedCanonicalSet) *Augment } for _, left := range c.intervalSet { if !left.inSet { - res.AddAugmentedInterval(left, AlwaysCollectRules) // collect implying rules allowed by both sets + res.AddAugmentedInterval(left, AlwaysCollectRules) // collect implying rules denied by both sets } } for _, right := range other.intervalSet { if !right.inSet { - res.AddAugmentedInterval(right, AlwaysCollectRules) // collect implying rules allowed by both sets + res.AddAugmentedInterval(right, AlwaysCollectRules) // collect implying rules denied by both sets } } return res diff --git a/pkg/netpol/internal/common/connectionset.go b/pkg/netpol/internal/common/connectionset.go index d584142f..6db70a1f 100644 --- a/pkg/netpol/internal/common/connectionset.go +++ b/pkg/netpol/internal/common/connectionset.go @@ -31,6 +31,18 @@ type ConnectionSet struct { CommonImplyingRules ImplyingRulesType // used for explainability, when AllowedProtocols is empty (i.e., all allowed or all denied) } +func ExplNoMatchOfNamedPortsToDst(ruleName string) string { + return fmt.Sprintf("%s (named ports of the rule have no match in the configuration of the dst peer)", ruleName) +} + +func ExplNotReferencedPorts(ruleName string) string { + return fmt.Sprintf("%s (ports not referenced)", ruleName) +} + +func ExplNotReferencedProtocols(ruleName string) string { + return fmt.Sprintf("%s (protocols not referenced)", ruleName) +} + var allProtocols = []v1.Protocol{v1.ProtocolTCP, v1.ProtocolUDP, v1.ProtocolSCTP} // MakeConnectionSet returns a pointer to ConnectionSet object with all connections or no connections @@ -66,6 +78,13 @@ func (conn *ConnectionSet) GetEquivalentCanonicalConnectionSet() *ConnectionSet return res } +func (conn *ConnectionSet) RemoveDefaultRule(isIngress bool) { + conn.CommonImplyingRules.RemoveDefaultRule(isIngress) + for _, ports := range conn.AllowedProtocols { + ports.RemoveDefaultRule(isIngress) + } +} + // GetAllTCPConnections returns a pointer to ConnectionSet object with all TCP protocol connections func GetAllTCPConnections() *ConnectionSet { tcpConn := MakeConnectionSet(false) diff --git a/pkg/netpol/internal/common/portset.go b/pkg/netpol/internal/common/portset.go index 04e6a9b2..02820e14 100644 --- a/pkg/netpol/internal/common/portset.go +++ b/pkg/netpol/internal/common/portset.go @@ -62,6 +62,10 @@ func MakeEmptyPortSetWithImplyingRules(rules ImplyingRulesType) *PortSet { } } +func (p *PortSet) RemoveDefaultRule(isIngress bool) { + p.Ports.RemoveDefaultRule(isIngress) +} + // Equal: return true if current object equals another PortSet object func (p *PortSet) Equal(other *PortSet) bool { return p.Ports.Equal(other.Ports) && reflect.DeepEqual(portNames(p.NamedPorts), portNames(other.NamedPorts)) && diff --git a/test_outputs/connlist/acs-security-demos_explain_output.txt b/test_outputs/connlist/acs-security-demos_explain_output.txt index 9d9c6009..d2b8d7a6 100644 --- a/test_outputs/connlist/acs-security-demos_explain_output.txt +++ b/test_outputs/connlist/acs-security-demos_explain_output.txt @@ -10,7 +10,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -24,7 +24,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 1) [NP] backend/catalog-netpol // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/catalog[Deployment] => frontend/webapp[Deployment]: @@ -35,7 +35,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -50,14 +50,14 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 2) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/catalog[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -71,7 +71,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -87,31 +87,31 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] backend/notification-netpol // Ingress rule #1 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/notification-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/recommendation[Deployment]: @@ -124,38 +124,38 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #2 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/reports[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) @@ -169,7 +169,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) @@ -179,7 +179,7 @@ CONNECTIONS BETWEEN backend/checkout[Deployment] => backend/shipping[Deployment] DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) @@ -193,7 +193,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) @@ -203,70 +203,70 @@ CONNECTIONS BETWEEN backend/checkout[Deployment] => frontend/asset-cache[Deploym DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => frontend/webapp[Deployment]: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/gateway[Deployment]: @@ -279,38 +279,38 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #3 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/checkout-netpol // Egress rule #4 INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #3 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/mastercard-processor[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -324,7 +324,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -334,7 +334,7 @@ CONNECTIONS BETWEEN backend/checkout[Deployment] => payments/visa-processor[Depl DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -348,7 +348,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -361,7 +361,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -375,7 +375,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/notification[Deployment] => frontend/webapp[Deployment]: @@ -386,7 +386,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -401,7 +401,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 2) [NP] backend/notification-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/catalog[Deployment]: @@ -415,29 +415,29 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #1 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/checkout[Deployment]: @@ -445,7 +445,7 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/checkout[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -460,7 +460,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -471,7 +471,7 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/notification[D DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) @@ -486,7 +486,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) @@ -497,7 +497,7 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/reports[Deploy DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) @@ -512,7 +512,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) @@ -523,7 +523,7 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => backend/shipping[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) @@ -538,7 +538,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) @@ -549,36 +549,36 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/asset-cache[D DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/webapp[Deployment]: @@ -586,40 +586,40 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => frontend/webapp[Deploy DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/recommendation-netpol // Egress rule #2 INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/gateway[Deployment]: @@ -627,7 +627,7 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/gateway[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) @@ -642,7 +642,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) @@ -653,7 +653,7 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/mastercard-pr DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -668,7 +668,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -679,7 +679,7 @@ CONNECTIONS BETWEEN backend/recommendation[Deployment] => payments/visa-processo DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -694,7 +694,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -711,29 +711,29 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #1 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress rule #2 (ports not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] backend/catalog-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/checkout[Deployment]: @@ -741,7 +741,7 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => backend/checkout[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -756,7 +756,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -767,7 +767,7 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => backend/notification[Deployme DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) @@ -782,7 +782,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) @@ -799,33 +799,33 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #2 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => backend/shipping[Deployment]: @@ -833,7 +833,7 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => backend/shipping[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) @@ -848,7 +848,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) @@ -859,36 +859,36 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/asset-cache[Deployme DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/webapp[Deployment]: @@ -896,40 +896,40 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => frontend/webapp[Deployment]: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] backend/reports-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/reports[Deployment] => payments/gateway[Deployment]: @@ -937,7 +937,7 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => payments/gateway[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) @@ -952,7 +952,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) @@ -963,7 +963,7 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => payments/mastercard-processor DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -978,7 +978,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -989,7 +989,7 @@ CONNECTIONS BETWEEN backend/reports[Deployment] => payments/visa-processor[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1004,7 +1004,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1017,7 +1017,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -1031,7 +1031,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 1) [NP] backend/default-deny-in-namespace-backend // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN backend/shipping[Deployment] => frontend/webapp[Deployment]: @@ -1042,7 +1042,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -1057,7 +1057,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 2) [NP] backend/shipping-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/asset-cache[Deployment] => frontend/webapp[Deployment]: @@ -1068,7 +1068,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -1083,7 +1083,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 2) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/catalog[Deployment]: @@ -1091,7 +1091,7 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/catalog[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -1106,7 +1106,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -1123,29 +1123,29 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] backend/checkout-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/notification[Deployment]: @@ -1153,7 +1153,7 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/notification[Deployme DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1168,7 +1168,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1185,33 +1185,33 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #3 (ports not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced by the rule) + 2) [NP] backend/recommendation-netpol // Ingress rule #3 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/reports[Deployment]: @@ -1225,33 +1225,33 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] backend/reports-netpol // Ingress rule #1 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/reports-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => backend/shipping[Deployment]: @@ -1265,33 +1265,33 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #4 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #4 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #4 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] backend/shipping-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => frontend/asset-cache[Deployment]: @@ -1299,36 +1299,36 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => frontend/asset-cache[Deployme DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Egress rule #5 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/gateway[Deployment]: @@ -1336,7 +1336,7 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/gateway[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1351,7 +1351,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/gateway-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1362,7 +1362,7 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/mastercard-processor DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1377,7 +1377,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1388,7 +1388,7 @@ CONNECTIONS BETWEEN frontend/webapp[Deployment] => payments/visa-processor[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1403,7 +1403,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1414,7 +1414,7 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/catalog[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -1429,7 +1429,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/catalog-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -1440,7 +1440,7 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/checkout[Deployment] DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -1455,7 +1455,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/checkout-netpol // Ingress (captured but not selected by any Ingress rule) 2) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) @@ -1466,7 +1466,7 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/notification[Deploym DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1481,7 +1481,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/notification-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1492,7 +1492,7 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/recommendation[Deplo DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1507,7 +1507,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/recommendation-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1518,7 +1518,7 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/reports[Deployment]: DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1533,7 +1533,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/reports-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1544,7 +1544,7 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => backend/shipping[Deployment] DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1559,7 +1559,7 @@ DENIED UDP:[5353] due to the following policies // rules: DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] backend/default-deny-in-namespace-backend // Ingress (captured but not selected by any Ingress rule - no rules defined) 2) [NP] backend/shipping-netpol // Ingress (captured but not selected by any Ingress rule) @@ -1570,36 +1570,36 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/asset-cache[Deploym DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/webapp[Deployment]: @@ -1607,40 +1607,40 @@ CONNECTIONS BETWEEN payments/gateway[Deployment] => frontend/webapp[Deployment]: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (ALLOWED) 1) [NP] frontend/webapp-netpol // Ingress rule #1 DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => payments/mastercard-processor[Deployment]: @@ -1654,33 +1654,33 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #1 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/mastercard-processor-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/gateway[Deployment] => payments/visa-processor[Deployment]: @@ -1694,33 +1694,33 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #2 (ports not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (ports not referenced) DENIED UDP:[1-5352,5354-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced) DENIED UDP:[5353] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] payments/gateway-netpol // Egress rule #3 INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) - 2) [NP] payments/gateway-netpol // Egress rule #2 (protocols not referenced by the rule) + 2) [NP] payments/gateway-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) 1) [NP] payments/default-deny-in-namespace-payments // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] payments/visa-processor-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/asset-cache[Deployment]: @@ -1730,7 +1730,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -1744,7 +1744,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/mastercard-processor[Deployment] => frontend/webapp[Deployment]: @@ -1755,7 +1755,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -1770,7 +1770,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 2) [NP] payments/mastercard-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/asset-cache[Deployment]: @@ -1780,7 +1780,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -1794,7 +1794,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 1) [NP] payments/default-deny-in-namespace-payments // Egress (captured but not selected by any Egress rule - no rules defined) 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN payments/visa-processor[Deployment] => frontend/webapp[Deployment]: @@ -1805,7 +1805,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -1820,7 +1820,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: 2) [NP] payments/visa-processor-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => frontend/asset-cache[Deployment]: @@ -1834,12 +1834,14 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [Route] frontend/asset-cache // service asset-cache-service (ports not referenced) + 2) [NP] frontend/asset-cache-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [Route] frontend/asset-cache // service asset-cache-service (protocols not referenced) + 2) [NP] frontend/asset-cache-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => frontend/webapp[Deployment]: @@ -1853,14 +1855,16 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [Route] frontend/webapp // service webapp-service (ports not referenced) + 2) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 3) [NP] frontend/webapp-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) - 2) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [Route] frontend/webapp // service webapp-service (protocols not referenced) + 2) [NP] frontend/default-deny-in-namespace-frontend // Ingress (captured but not selected by any Ingress rule - no rules defined) + 3) [NP] frontend/webapp-netpol // Ingress rule #1 (protocols not referenced) #################################### diff --git a/test_outputs/connlist/anp_demo_explain_output.txt b/test_outputs/connlist/anp_demo_explain_output.txt index 19fa5996..24a5cc53 100644 --- a/test_outputs/connlist/anp_demo_explain_output.txt +++ b/test_outputs/connlist/anp_demo_explain_output.txt @@ -76,13 +76,13 @@ DENIED UDP:[1-51,53-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [ANP] ingress-to-ravenclaw // Ingress rule pass-from-gryffindor-everything (Pass) - 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 (ports not referenced by the rule) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) 1) [ANP] ingress-to-ravenclaw // Ingress rule pass-from-gryffindor-everything (Pass) - 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 (protocols not referenced by the rule) + 2) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN gryffindor/harry-potter[StatefulSet] => slytherin/draco-malfoy[StatefulSet]: @@ -157,7 +157,7 @@ DENIED TCP:[80] due to the following policies // rules: DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] ravenclaw/allow-some-ingress-from-to-ravenclaw // Ingress rule #1 (protocols not referenced) #################################### diff --git a/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt b/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt index bc2fc748..81dc3401 100644 --- a/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt +++ b/test_outputs/connlist/demo_app_with_routes_and_ingress_explain_output.txt @@ -9,11 +9,16 @@ ALLOWED TCP:[8000] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [Ingress] helloworld/hello-world // service hello-world - 2) the system default (Allow all) -DENIED TCP:[1-7999,8001-65535] the system default (Allow all) +DENIED TCP:[1-7999,8001-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] helloworld/hello-world // service hello-world (ports not referenced) -DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] helloworld/hello-world // service hello-world (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => ingressworld/ingress-world[Deployment]: @@ -22,11 +27,16 @@ ALLOWED TCP:[8090] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [Ingress] ingressworld/ingress-world // service ingress-world - 2) the system default (Allow all) -DENIED TCP:[1-8089,8091-65535] the system default (Allow all) +DENIED TCP:[1-8089,8091-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] ingressworld/ingress-world // service ingress-world (ports not referenced) -DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] ingressworld/ingress-world // service ingress-world (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => routeworld/route-world[Deployment]: @@ -35,11 +45,16 @@ ALLOWED TCP:[8060] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [Route] routeworld/route-world // service route-world - 2) the system default (Allow all) -DENIED TCP:[1-8059,8061-65535] the system default (Allow all) +DENIED TCP:[1-8059,8061-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] routeworld/route-world // service route-world (ports not referenced) -DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] routeworld/route-world // service route-world (protocols not referenced) ######################################################### diff --git a/test_outputs/connlist/ipblockstest_explain_output.txt b/test_outputs/connlist/ipblockstest_explain_output.txt index ef5736cb..fa1471b2 100644 --- a/test_outputs/connlist/ipblockstest_explain_output.txt +++ b/test_outputs/connlist/ipblockstest_explain_output.txt @@ -13,12 +13,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: @@ -31,12 +31,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: @@ -49,12 +49,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: @@ -67,12 +67,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: @@ -85,12 +85,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: @@ -103,12 +103,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 0.0.0.0-9.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: @@ -121,12 +121,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/calico-node-tier[DaemonSet]: @@ -139,12 +139,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: @@ -157,12 +157,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: @@ -175,12 +175,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: @@ -193,12 +193,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: @@ -211,12 +211,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: @@ -229,12 +229,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 11.0.0.0-172.20.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: @@ -247,12 +247,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/calico-node-tier[DaemonSet]: @@ -265,12 +265,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: @@ -283,12 +283,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: @@ -301,12 +301,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: @@ -319,12 +319,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: @@ -337,12 +337,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: @@ -355,12 +355,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.22.0.0-172.29.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: @@ -373,12 +373,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/calico-node-tier[DaemonSet]: @@ -391,12 +391,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-file-plugin-7bfb8b69bf[ReplicaSet]: @@ -409,12 +409,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-keepalived-watcher[DaemonSet]: @@ -427,12 +427,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-kube-fluentd-with-tier[DaemonSet]: @@ -445,12 +445,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/ibm-storage-watcher-8494b4b8bb[ReplicaSet]: @@ -463,12 +463,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/tiller-deploy-5c45c9966b[ReplicaSet]: @@ -481,12 +481,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN 172.31.0.0-255.255.255.255 => kube-system/vpn-858f6d9777[ReplicaSet]: @@ -499,12 +499,12 @@ ALLOWED UDP:[53] due to the following policies // rules: DENIED UDP:[1-52,54-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (ports not referenced) DENIED {SCTP,TCP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] kube-system/enable-from-ipblock-to-isolated-by-tier // Ingress rule #1 (protocols not referenced) #################################### diff --git a/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt b/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt index f803c132..9c689fe0 100644 --- a/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt +++ b/test_outputs/connlist/k8s_ingress_test_new_explain_output.txt @@ -9,7 +9,7 @@ DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[9080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -21,7 +21,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/productpage-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/ratings-v1-b6994bb9[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: @@ -30,7 +30,7 @@ DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[9080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -42,7 +42,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/ratings-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: @@ -51,7 +51,7 @@ DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[9080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -63,7 +63,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: @@ -76,15 +76,15 @@ ALLOWED TCP:[9080] due to the following policies // rules: DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/reviews-v1-545db77b95[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: @@ -97,15 +97,15 @@ ALLOWED TCP:[9080] due to the following policies // rules: DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: @@ -114,7 +114,7 @@ DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[9080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -126,7 +126,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: @@ -139,15 +139,15 @@ ALLOWED TCP:[9080] due to the following policies // rules: DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/reviews-v2-7bf8c9648f[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: @@ -160,15 +160,15 @@ ALLOWED TCP:[9080] due to the following policies // rules: DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/details-v1-79f774bdb9[ReplicaSet]: @@ -177,7 +177,7 @@ DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[9080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -189,7 +189,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/reviews-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/productpage-v1-6b746f74dc[ReplicaSet]: @@ -202,15 +202,15 @@ ALLOWED TCP:[9080] due to the following policies // rules: DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/productpage-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/productpage-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/reviews-v3-84779c7bbc[ReplicaSet] => default/ratings-v1-b6994bb9[ReplicaSet]: @@ -223,15 +223,15 @@ ALLOWED TCP:[9080] due to the following policies // rules: DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/ratings-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced by the rule) + 1) [NP] default/reviews-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/ratings-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/unicorn[Deployment] => default/details-v1-79f774bdb9[ReplicaSet]: @@ -244,12 +244,12 @@ ALLOWED TCP:[9080] due to the following policies // rules: DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => default/details-v1-79f774bdb9[ReplicaSet]: @@ -263,12 +263,14 @@ ALLOWED TCP:[9080] due to the following policies // rules: DENIED TCP:[1-9079,9081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [Ingress] default/ingress-policy // service details (ports not referenced) + 2) [NP] default/details-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [Ingress] default/ingress-policy // service details (protocols not referenced) + 2) [NP] default/details-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => default/unicorn[Deployment]: @@ -277,11 +279,16 @@ ALLOWED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [Ingress] default/ingress-policy // service unicorn - 2) the system default (Allow all) -DENIED TCP:[1-8079,8081-65535] the system default (Allow all) +DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] default/ingress-policy // service unicorn (ports not referenced) -DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] default/ingress-policy // service unicorn (protocols not referenced) #################################### diff --git a/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt b/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt index 2bf90523..8fa739ec 100644 --- a/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt +++ b/test_outputs/connlist/multiple_ingress_objects_with_different_ports_new_explain_output.txt @@ -9,17 +9,21 @@ ALLOWED TCP:[8000] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [Route] ingressworld/route-1 // service ingress-world - 2) the system default (Allow all) ALLOWED TCP:[8090] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (ALLOWED) 1) [Ingress] ingressworld/ingress-1 // service ingress-world - 2) the system default (Allow all) -DENIED TCP:[1-7999,8001-8089,8091-65535] the system default (Allow all) +DENIED TCP:[1-7999,8001-8089,8091-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] ingressworld/ingress-1 // service ingress-world (ports not referenced) -DENIED {SCTP,UDP}:[ALL PORTS] the system default (Allow all) +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Ingress] ingressworld/ingress-1 // service ingress-world (protocols not referenced) ######################################################### diff --git a/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt b/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt index 2b696497..38578cb0 100644 --- a/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt +++ b/test_outputs/connlist/multiple_topology_resources_2_explain_output.txt @@ -30,17 +30,17 @@ ALLOWED UDP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-9089,9091-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] demo/ui-to-command // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] demo/ui-to-command // Ingress rule #1 (ports not referenced) DENIED UDP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] demo/ui-to-command // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] demo/ui-to-command // Ingress rule #1 (ports not referenced) DENIED {SCTP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] demo/ui-to-command // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] demo/ui-to-command // Ingress rule #1 (protocols not referenced) #################################### diff --git a/test_outputs/connlist/new_online_boutique_explain_output.txt b/test_outputs/connlist/new_online_boutique_explain_output.txt index 7309efa9..69202d87 100644 --- a/test_outputs/connlist/new_online_boutique_explain_output.txt +++ b/test_outputs/connlist/new_online_boutique_explain_output.txt @@ -187,13 +187,13 @@ DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/cartservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/cartservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/currencyservice[Deployment]: @@ -208,13 +208,13 @@ DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/currencyservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/currencyservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/emailservice[Deployment]: @@ -229,13 +229,13 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/emailservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/emailservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/paymentservice[Deployment]: @@ -250,13 +250,13 @@ DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/paymentservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/paymentservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/productcatalogservice[Deployment]: @@ -271,13 +271,13 @@ DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/shippingservice[Deployment]: @@ -292,13 +292,13 @@ DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/shippingservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/checkoutservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/shippingservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/adservice[Deployment]: @@ -313,13 +313,13 @@ DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-auth // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/adservice-auth // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-auth // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/adservice-auth // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/cartservice[Deployment]: @@ -334,13 +334,13 @@ DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/cartservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/cartservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/checkoutservice[Deployment]: @@ -355,13 +355,13 @@ DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/checkoutservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/currencyservice[Deployment]: @@ -376,13 +376,13 @@ DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/currencyservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/currencyservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/productcatalogservice[Deployment]: @@ -397,13 +397,13 @@ DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/recommendationservice[Deployment]: @@ -418,13 +418,13 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/recommendationservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/recommendationservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/shippingservice[Deployment]: @@ -439,13 +439,13 @@ DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/shippingservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/frontend // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/shippingservice // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/frontend[Deployment]: @@ -460,13 +460,13 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/loadgenerator // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/loadgenerator // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/productcatalogservice[Deployment]: @@ -481,13 +481,13 @@ DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/recommendationservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) 1) [NP] default/recommendationservice // Egress rule #1 INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice // Ingress rule #1 (protocols not referenced) #################################### diff --git a/test_outputs/connlist/onlineboutique_explain_output.txt b/test_outputs/connlist/onlineboutique_explain_output.txt index 418de48b..6b527404 100644 --- a/test_outputs/connlist/onlineboutique_explain_output.txt +++ b/test_outputs/connlist/onlineboutique_explain_output.txt @@ -13,15 +13,15 @@ ALLOWED TCP:[7070] due to the following policies // rules: DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: @@ -34,15 +34,15 @@ ALLOWED TCP:[7000] due to the following policies // rules: DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/emailservice-54c7c5d9d[ReplicaSet]: @@ -55,15 +55,15 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/paymentservice-bbcbdc6b6[ReplicaSet]: @@ -76,15 +76,15 @@ ALLOWED TCP:[50051] due to the following policies // rules: DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: @@ -97,15 +97,15 @@ ALLOWED TCP:[3550] due to the following policies // rules: DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice-69c8ff664b[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: @@ -118,15 +118,15 @@ ALLOWED TCP:[50051] due to the following policies // rules: DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/adservice-77d5cd745d[ReplicaSet]: @@ -139,15 +139,15 @@ ALLOWED TCP:[9555] due to the following policies // rules: DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/cartservice-74f56fd4b[ReplicaSet]: @@ -160,15 +160,15 @@ ALLOWED TCP:[7070] due to the following policies // rules: DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/checkoutservice-69c8ff664b[ReplicaSet]: @@ -181,15 +181,15 @@ ALLOWED TCP:[5050] due to the following policies // rules: DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/currencyservice-77654bbbdd[ReplicaSet]: @@ -202,15 +202,15 @@ ALLOWED TCP:[7000] due to the following policies // rules: DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: @@ -223,15 +223,15 @@ ALLOWED TCP:[3550] due to the following policies // rules: DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/recommendationservice-5f8c456796[ReplicaSet]: @@ -244,15 +244,15 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend-99684f7f8[ReplicaSet] => default/shippingservice-5bd985c46d[ReplicaSet]: @@ -265,15 +265,15 @@ ALLOWED TCP:[50051] due to the following policies // rules: DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator-555fbdc87d[ReplicaSet] => default/frontend-99684f7f8[ReplicaSet]: @@ -286,15 +286,15 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice-5f8c456796[ReplicaSet] => default/productcatalogservice-68765d49b6[ReplicaSet]: @@ -307,15 +307,15 @@ ALLOWED TCP:[3550] due to the following policies // rules: DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced) #################################### diff --git a/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt b/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt index b9500f4e..36b80c54 100644 --- a/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt +++ b/test_outputs/connlist/onlineboutique_workloads_with_ingress_explain_output.txt @@ -9,7 +9,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -21,7 +21,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/adservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/cartservice[Deployment] => default/frontend[Deployment]: @@ -30,7 +30,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -42,7 +42,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/cartservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/cartservice[Deployment]: @@ -55,15 +55,15 @@ ALLOWED TCP:[7070] due to the following policies // rules: DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/currencyservice[Deployment]: @@ -76,15 +76,15 @@ ALLOWED TCP:[7000] due to the following policies // rules: DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/emailservice[Deployment]: @@ -97,15 +97,15 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/emailservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/frontend[Deployment]: @@ -114,7 +114,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -126,7 +126,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/checkoutservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/paymentservice[Deployment]: @@ -139,15 +139,15 @@ ALLOWED TCP:[50051] due to the following policies // rules: DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/paymentservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/productcatalogservice[Deployment]: @@ -160,15 +160,15 @@ ALLOWED TCP:[3550] due to the following policies // rules: DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/checkoutservice[Deployment] => default/shippingservice[Deployment]: @@ -181,15 +181,15 @@ ALLOWED TCP:[50051] due to the following policies // rules: DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Egress rule #6 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/currencyservice[Deployment] => default/frontend[Deployment]: @@ -198,7 +198,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -210,7 +210,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/currencyservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/emailservice[Deployment] => default/frontend[Deployment]: @@ -219,7 +219,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -231,7 +231,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/emailservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/adservice[Deployment]: @@ -244,15 +244,15 @@ ALLOWED TCP:[9555] due to the following policies // rules: DENIED TCP:[1-9554,9556-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/adservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/adservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/cartservice[Deployment]: @@ -265,15 +265,15 @@ ALLOWED TCP:[7070] due to the following policies // rules: DENIED TCP:[1-7069,7071-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #2 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #2 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/cartservice-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/checkoutservice[Deployment]: @@ -286,15 +286,15 @@ ALLOWED TCP:[5050] due to the following policies // rules: DENIED TCP:[1-5049,5051-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #3 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #3 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/checkoutservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/currencyservice[Deployment]: @@ -307,15 +307,15 @@ ALLOWED TCP:[7000] due to the following policies // rules: DENIED TCP:[1-6999,7001-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #4 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #4 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/currencyservice-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/productcatalogservice[Deployment]: @@ -328,15 +328,15 @@ ALLOWED TCP:[3550] due to the following policies // rules: DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #5 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #5 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/recommendationservice[Deployment]: @@ -349,15 +349,15 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #6 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #6 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/frontend[Deployment] => default/shippingservice[Deployment]: @@ -370,15 +370,15 @@ ALLOWED TCP:[50051] due to the following policies // rules: DENIED TCP:[1-50050,50052-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #7 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Egress rule #7 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced by the rule) + 1) [NP] default/shippingservice-netpol // Ingress rule #2 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/loadgenerator[Deployment] => default/frontend[Deployment]: @@ -391,15 +391,15 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/loadgenerator-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/paymentservice[Deployment] => default/frontend[Deployment]: @@ -408,7 +408,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -420,7 +420,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/paymentservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/productcatalogservice[Deployment] => default/frontend[Deployment]: @@ -429,7 +429,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -441,7 +441,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/productcatalogservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/frontend[Deployment]: @@ -450,7 +450,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -462,7 +462,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/recommendationservice-netpol // Egress (captured but not selected by any Egress rule) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/recommendationservice[Deployment] => default/productcatalogservice[Deployment]: @@ -475,15 +475,15 @@ ALLOWED TCP:[3550] due to the following policies // rules: DENIED TCP:[1-3549,3551-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (ports not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) - 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced by the rule) + 1) [NP] default/recommendationservice-netpol // Egress rule #1 (protocols not referenced) INGRESS DIRECTION (DENIED) - 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced by the rule) + 1) [NP] default/productcatalogservice-netpol // Ingress rule #3 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/redis-cart[Deployment] => default/frontend[Deployment]: @@ -496,12 +496,12 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN default/shippingservice[Deployment] => default/frontend[Deployment]: @@ -510,7 +510,7 @@ DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED TCP:[8080] due to the following policies // rules: EGRESS DIRECTION (DENIED) @@ -522,7 +522,7 @@ DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (DENIED) 1) [NP] default/shippingservice-netpol // Egress (captured but not selected by any Egress rule - no rules defined) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- CONNECTIONS BETWEEN {ingress-controller} => default/frontend[Deployment]: @@ -536,12 +536,14 @@ ALLOWED TCP:[8080] due to the following policies // rules: DENIED TCP:[1-8079,8081-65535] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced by the rule) + 1) [Ingress] default/onlineboutique-ingress // service frontend-external (ports not referenced) + 2) [NP] default/frontend-netpol // Ingress rule #1 (ports not referenced) DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) INGRESS DIRECTION (DENIED) - 1) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced by the rule) + 1) [Ingress] default/onlineboutique-ingress // service frontend-external (protocols not referenced) + 2) [NP] default/frontend-netpol // Ingress rule #1 (protocols not referenced) #################################### diff --git a/test_outputs/connlist/route_example_with_target_port_explain_output.txt b/test_outputs/connlist/route_example_with_target_port_explain_output.txt new file mode 100644 index 00000000..b9eaa629 --- /dev/null +++ b/test_outputs/connlist/route_example_with_target_port_explain_output.txt @@ -0,0 +1,33 @@ + +########################################## +# Specific connections and their reasons # +########################################## +---------------------------------------------------------------------------------------------------------------------------------------------------------------- +CONNECTIONS BETWEEN {ingress-controller} => routes-world/workload-with-multiple-ports[Deployment]: + +ALLOWED TCP:[8000] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] routes-world/route-1 // service routes-world-svc + +ALLOWED TCP:[8090] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (ALLOWED) + 1) [Route] routes-world/route-2 // service routes-world-svc + +DENIED TCP:[1-7999,8001-8089,8091-65535] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] routes-world/route-1 // service routes-world-svc (ports not referenced) + +DENIED {SCTP,UDP}:[ALL PORTS] due to the following policies // rules: + EGRESS DIRECTION (ALLOWED) due to the system default (Allow all) + INGRESS DIRECTION (DENIED) + 1) [Route] routes-world/route-1 // service routes-world-svc (protocols not referenced) + + +######################################################### +# All Connections due to the system default (Allow all) # +######################################################### +0.0.0.0-255.255.255.255 => routes-world/workload-with-multiple-ports[Deployment] +routes-world/workload-with-multiple-ports[Deployment] => 0.0.0.0-255.255.255.255