From 5d3eb9de8c5042d8af49b98f0b81db6d6f64db3b Mon Sep 17 00:00:00 2001
From: Sander van Vugt
Date: Thu, 14 Jan 2021 15:24:53 +0100
Subject: [PATCH] new files
---
ingress-rbac.yaml | 36 ++++++++++++++++++++++++++++++++++++
nwp-lab11-1.yaml | 29 +++++++++++++++++++++++++++++
nwp-lab11-2.yaml | 11 +++++++++++
nwp-lesson15.yaml | 17 +++++++++++++++++
4 files changed, 93 insertions(+)
create mode 100644 ingress-rbac.yaml
create mode 100644 nwp-lab11-1.yaml
create mode 100644 nwp-lab11-2.yaml
create mode 100644 nwp-lesson15.yaml
diff --git a/ingress-rbac.yaml b/ingress-rbac.yaml
new file mode 100644
index 0000000..af7d995
--- /dev/null
+++ b/ingress-rbac.yaml
@@ -0,0 +1,36 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: traefik-ingress-controller
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: traefik-ingress-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: traefik-ingress-controller
+subjects:
+- kind: ServiceAccount
+ name: traefik-ingress-controller
+ namespace: kube-system
diff --git a/nwp-lab11-1.yaml b/nwp-lab11-1.yaml
new file mode 100644
index 0000000..fec3a8e
--- /dev/null
+++ b/nwp-lab11-1.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: nwp-nginx
+ namespace: default
+ labels:
+ app: nginx
+spec:
+ containers:
+ - name: nwp-nginx
+ image: nginx:1.17
+...
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: nwp-busybox
+ namespace: nwp-namespace
+ labels:
+ app: sleepy
+spec:
+ containers:
+ - name: nwp-busybox
+ image: busybox
+ command:
+ - sleep
+ - "3600"
diff --git a/nwp-lab11-2.yaml b/nwp-lab11-2.yaml
new file mode 100644
index 0000000..5d07a4e
--- /dev/null
+++ b/nwp-lab11-2.yaml
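Review bot: The first rule of the ClusterRole in ingress-rbac.yaml lists `secrets` next to `services` and `endpoints`, so the `traefik-ingress-controller` ServiceAccount in `kube-system` can get, list and watch every Secret in every namespace, not only the TLS secrets its Ingress objects reference. If the controller only serves a known set of namespaces, moving the `secrets` rule into a namespaced `Role` plus `RoleBinding` per namespace limits what a compromised controller pod can read; otherwise record the reason above the resource, e.g. `# secrets: read cluster-wide for Ingress TLS certificates`. The second rule names only the `extensions` API group, so on clusters that serve Ingress from `networking.k8s.io` the controller would see no ingresses; add `- networking.k8s.io` under that `apiGroups`. The ServiceAccount named in `subjects` is not created by this patch, so presumably it comes from another manifest.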
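Review bot: `image: busybox` in the second Pod of nwp-lab11-1.yaml carries no tag, so it resolves to `latest` and the lab runs whatever the registry serves at pull time; pin it the way the first Pod pins `nginx:1.17`, e.g. `image: busybox:<pinned-tag>`, or by digest. Neither Pod sets a `securityContext`, so both run with the image defaults; since lab manifests get copied, a `securityContext:` with `allowPrivilegeEscalation: false` on the busybox container is a cheap addition. The second Pod targets `nwp-namespace`, which this patch does not create, so a comment such as `# requires: kubectl create namespace nwp-namespace` would save a failed apply.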
@@ -0,0 +1,11 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ namespace: default
+ name: deny-from-other-namespaces
+spec:
+ podSelector:
+ matchLabels:
+ ingress:
+ - from:
+ - podSelector: {}
diff --git a/nwp-lesson15.yaml b/nwp-lesson15.yaml
new file mode 100644
index 0000000..2a2cc05
--- /dev/null
+++ b/nwp-lesson15.yaml
@@ -0,0 +1,17 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: only-allow-from-busybox-secure-ns
+ namespace: default
+spec:
+ podSelector:
+ matchLabels:
+ app: web
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ type: secure
+ podSelector:
+ matchLabels:
+ type: monitoring
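Review bot: In nwp-lab11-2.yaml the `matchLabels:` under `spec.podSelector` has no entries (as far as the flattened indentation on this page shows), so it parses as null and the policy covers every pod in `default` only because an empty selector matches all; write `podSelector: {}` there, as the `from` entry already does. The policy also relies on the default for `policyTypes`; adding `policyTypes:` with `- Ingress` states that egress is deliberately left unrestricted. A header comment would help readers who apply this on a cluster where it silently does nothing: `# allows ingress only from pods in this namespace; enforced only if the network plugin implements NetworkPolicy`.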
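Review bot: The `from` entry in nwp-lesson15.yaml puts `namespaceSelector` and `podSelector` in one list item (there is no `-` before `podSelector`), so both must match: only pods labelled `type: monitoring` in namespaces labelled `type: secure` reach the `app: web` pods. A stray `-` would turn this into two alternatives and widen the policy, so I would add `# single entry: namespaceSelector AND podSelector must both match` above `- namespaceSelector:`. The name `only-allow-from-busybox-secure-ns` does not describe what is selected, since nothing in the policy refers to busybox; either rename it or note which label the client pod has to carry. The restriction is also only as strong as the control over who may label a namespace `type: secure`, which deserves a line in the same comment.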