kubernetes: allow kubelet to connect all TCP ports

For pod health checks.

Signed-off-by: Kenton Groombridge <[email protected]>

policy/modules/services/kubernetes.te

@@ -248,10 +248,8 @@ fs_tmpfs_filetrans(kubelet_t, kubernetes_tmpfs_t, { dir file lnk_file })
 
 corenet_tcp_bind_generic_node(kubelet_t)
 
-corenet_tcp_connect_http_port(kubelet_t)
 corenet_tcp_bind_kubernetes_port(kubelet_t)
-corenet_tcp_connect_kubernetes_port(kubelet_t)
-corenet_tcp_connect_all_unreserved_ports(kubelet_t)
+corenet_tcp_connect_all_ports(kubelet_t)
 
 corecmd_exec_bin(kubelet_t)
 corecmd_watch_bin_dirs(kubelet_t)