diff --git a/externalname.yaml b/externalname.yaml new file mode 100644 index 0000000..8588b39 --- /dev/null +++ b/externalname.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Service +metadata: + name: my-service +spec: + type: ExternalName + externalName: sandervanvugt.com diff --git a/externalname2.yaml b/externalname2.yaml new file mode 100644 index 0000000..6e1d5ee --- /dev/null +++ b/externalname2.yaml @@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: secure +spec: {} +--- +apiVersion: v1 +kind: Pod +metadata: + name: secnginx + labels: + my: app + namespace: secure +spec: + containers: + - name: secnginx + image: nginx +... +--- +apiVersion: v1 +kind: Service +metadata: + name: secnginx + labels: + my: app + namespace: secure +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 80 + selector: + my: app +... +--- +apiVersion: v1 +kind: Service +metadata: + name: ex-service + namespace: default +spec: + type: ExternalName + externalName: secnginx.service.svc.cluster.local + ports: + - port: 80 +... diff --git a/hello-world-in.yaml b/hello-world-in.yaml new file mode 100644 index 0000000..ff56138 --- /dev/null +++ b/hello-world-in.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: example-ingress + annotations: + nginx.ingress.kubernetes.io/rewrite-target: /$1 +spec: + rules: + - host: hello-world.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: web + port: + number: 8080 + - path: /v2 + pathType: Prefix + backend: + service: + name: web2 + port: + number: 8080 diff --git a/ingres-rbac.yaml b/ingres-rbac.yaml new file mode 100644 index 0000000..af7d995 --- /dev/null +++ b/ingres-rbac.yaml @@ -0,0 +1,36 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-ingress-controller +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-ingress-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: traefik-ingress-controller +subjects: +- kind: ServiceAccount + name: traefik-ingress-controller + namespace: kube-system diff --git a/ipnwpolicy.yaml b/ipnwpolicy.yaml new file mode 100644 index 0000000..fa681e4 --- /dev/null +++ b/ipnwpolicy.yaml @@ -0,0 +1,34 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: test-network-policy + namespace: default +spec: + podSelector: + matchLabels: + role: db + policyTypes: + - Ingress + - Egress + ingress: + - from: + - ipBlock: + cidr: 172.17.0.0/16 + except: + - 172.17.1.0/24 + - namespaceSelector: + matchLabels: + project: myproject + - podSelector: + matchLabels: + role: frontend + ports: + - protocol: TCP + port: 6379 + egress: + - to: + - ipBlock: + cidr: 10.0.0.0/24 + ports: + - protocol: TCP + port: 5978 diff --git a/nginx-in-new.yaml b/nginx-in-new.yaml new file mode 100644 index 0000000..8496e8f --- /dev/null +++ b/nginx-in-new.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nginx-ingress + annotations: + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: + http: + paths: + - path: /nginxserver + pathType: Prefix + backend: + service: + name: nginxz + port: + number: 80 diff --git a/nginxsvc-ingress.yaml b/nginxsvc-ingress.yaml new file mode 100644 index 0000000..52c5954 --- /dev/null +++ b/nginxsvc-ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nginxsvc-ingress + annotations: + nginx.ingress.kubernetes.io/rewrite-target: /$1 +spec: + rules: + - host: nginxsvc.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nginxsvc + port: + number: 80 + - path: /hello + pathType: Prefix + backend: + service: + name: newdep + port: + number: 8080 diff --git a/nwpolicy-complete-example.yaml b/nwpolicy-complete-example.yaml new file mode 100644 index 0000000..2db7cfd --- /dev/null +++ b/nwpolicy-complete-example.yaml @@ -0,0 +1,42 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: access-nginx +spec: + podSelector: + matchLabels: + app: nginx + ingress: + - from: + - podSelector: + matchLabels: + access: "true" +... + +--- +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app: nginx +spec: + containers: + - name: nwp-nginx + image: nginx:1.17 +... + +--- +apiVersion: v1 +kind: Pod +metadata: + name: busybox + labels: + app: sleepy +spec: + containers: + - name: nwp-busybox + image: busybox + command: + - sleep + - "3600" diff --git a/secretbox.yaml b/secretbox.yaml new file mode 100644 index 0000000..b52fd80 --- /dev/null +++ b/secretbox.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Pod +metadata: + creationTimestamp: null + labels: + run: secretbox + name: secretbox + namespace: secret +spec: + containers: + - args: + - sleep + - "3600" + image: busybox + name: pod + resources: {} + dnsPolicy: ClusterFirst + restartPolicy: Always +status: {} diff --git a/traefik-ds.yaml b/traefik-ds.yaml new file mode 100644 index 0000000..3f68714 --- /dev/null +++ b/traefik-ds.yaml @@ -0,0 +1,63 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: traefik-ingress-controller + namespace: kube-system +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: traefik-ingress-controller + namespace: kube-system + labels: + k8s-app: traefik-ingress-lb +spec: + selector: + matchLabels: + k8s-app: traefik-ingress-lb + name: traefik-ingress-lb + template: + metadata: + labels: + ks8-app: traefik-ingress-lb + name: traefik-ingress-lb + spec: + serviceAccountName: traefik-ingress-controller + terminationGracePeriodSeconds: 60 + containers: + - image: traefik:v1.7 + name: traefik-ingress-lb + ports: + - name: http + containerPort: 80 + hostPort: 80 + - name: admin + containerPort: 8080 + hostPort: 8080 + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + args: + - --api + - --kubernetes + - --logLevel=INFO +--- +kind: Service +apiVersion: v1 +metadata: + name: traefik-ingress-service + namespace: kube-system +spec: + selector: + k8s-app: traefik-ingress-lb + ports: + - protocol: TCP + port: 80 + name: web + - protocol: TCP + port: 8080 + name: admin diff --git a/traefik-in.yaml b/traefik-in.yaml new file mode 100644 index 0000000..76e4972 --- /dev/null +++ b/traefik-in.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + name: traefik-web-ui + namespace: kube-system +spec: + selector: + k8s-app: traefik-ingress-lb + ports: + - name: web + port: 80 + targetPort: 8080 +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: traefik-web-ui + namespace: kube-system +spec: + rules: + - host: traefik-ui.aio + http: + paths: + - path: / + backend: + serviceName: traefik-web-ui + servicePort: web