# design-mode.yaml: import file that defines a single recipe,
# "Enable Discovery Mode".
# NOTE(review): the nesting below is reconstructed; the listing this was taken
# from had lost its indentation and blank lines. Confirm against the original.
APIVersion: 1
label: recipe:design-mode
data:
  recipes:
    # Security-relevant summary: the template below creates an "Allow" network
    # access policy between all processing units and external networks, plus
    # external networks covering 0.0.0.0/0 and ::/0 for UDP, TCP, ICMP and a
    # list of other protocols. The longDescription states that all flows are
    # accepted while it is in place, so treat it as a temporary visibility aid
    # and remove the "discovery-mode" policy before relying on enforcement.
    - name: Enable Discovery Mode
      description: Allow all traffic.
      label: recipe:design-mode
      # presumably makes the recipe itself visible in child namespaces; the
      # propagation of the generated objects is set by the step parameter
      # "propagate" at the bottom of this file. TODO confirm.
      propagate: true
      # presumably allows only one deployment of this recipe. TODO confirm.
      deploymentMode: Unique
      metadata:
        - "@aporeto:author=aporeto"
      # presumably controls where the recipe is offered in the UI. TODO confirm.
      associatedTags:
        - "aporeto:recipe:placement=toolbar"
      # Matches the two object kinds the template defines: externalnetworks
      # and networkaccesspolicies.
      targetIdentities:
        - externalnetwork
        - networkaccesspolicy
      # Markdown text; everything under "|-" is part of the value, so no
      # comments are placed inside it.
      longDescription: |-
        ### Enable Discovery Mode
        When discovery mode is enabled, **all flows are accepted**.
        Flows which do not match an existing network policy will be represented by a dotted line in your Platform view
      # Go-template text wrapped in a raw string ({{` ... `}}), so the inner
      # {{ ... }} actions are emitted literally by a first rendering pass;
      # presumably they are evaluated later with the step values. TODO confirm.
      # Everything under "|-" is part of the value, so review notes live here:
      # - action "Allow" with subject and object each listing
      #   "$identity=processingunit" and "$identity=externalnetwork" as
      #   separate entries: the policy is not narrowed by any other tag.
      # - NOTE(review): observationEnabled: true with observedTrafficAction
      #   "Apply" looks like observation mode in which the Allow action is
      #   still applied; confirm against the platform documentation.
      # - NOTE(review): protected: false presumably leaves the policy
      #   deletable, which suits a temporary policy; confirm.
      # - logsEnabled: true keeps flow logging on for traffic this policy
      #   accepts, which is what makes the discovery output reviewable.
      # - "propagate: true" is emitted on the policy and on every external
      #   network only when .Values.propagate is set.
      # - NOTE(review): the policy description misspells "communications"
      #   ("commnications"); left untouched because it is part of the value.
      template: |-
        {{`
        APIVersion: 1
        data:
          networkaccesspolicies:
            - name: "discovery-mode"
              description: "Allow all processing units and external networks commnications."
              action: "Allow"
              observationEnabled: true
              observedTrafficAction: "Apply"
              protected: false
              logsEnabled: true
              {{- if .Values.propagate }}
              propagate: true
              {{- end }}
              subject:
                - - "$identity=processingunit"
                - - "$identity=externalnetwork"
              object:
                - - "$identity=processingunit"
                - - "$identity=externalnetwork"
          externalnetworks:
            - name: "any-udp"
              description: "Represents any UDP traffic"
              {{- if .Values.propagate }}
              propagate: true
              {{- end }}
              entries:
                - "0.0.0.0/0"
                - "::/0"
              servicePorts:
                - "udp/1:65535"
            - name: "any-tcp"
              description: "Represents any TCP traffic"
              {{- if .Values.propagate }}
              propagate: true
              {{- end }}
              entries:
                - "0.0.0.0/0"
                - "::/0"
              servicePorts:
                - "tcp/1:65535"
            - name: "any-icmp"
              description: "Represents any ICMP traffic"
              {{- if .Values.propagate }}
              propagate: true
              {{- end }}
              entries:
                - "0.0.0.0/0"
                - "::/0"
              servicePorts:
                - "icmp"
                - "icmp6"
            - name: "any-other-protocol"
              description: "Represents any other traffic"
              {{- if .Values.propagate }}
              propagate: true
              {{- end }}
              entries:
                - "0.0.0.0/0"
                - "::/0"
              servicePorts:
                - "IGMP"
                - "SCTP"
                - "IPIP"
                - "GRE"
                - "PIM"
                - "VRRP"
                - "L2TP"
        `}}
      # Single step with one Boolean parameter, "propagate", which the
      # template reads as .Values.propagate.
      # NOTE(review): enabling it extends the allow-all policy and the
      # any-* external networks to child namespaces; enable it deliberately.
      steps:
        - name: Propagation
          description: Configure if the Discovery Mode should be enabled in the child namespaces.
          parameters:
            - key: propagate
              name: Propagate
              description: propagate down to child namespaces.
              type: Boolean