new files

ingress-rbac.yaml

@@ -0,0 +1,36 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: traefik-ingress-controller
+rules:
+  - apiGroups:
+    - "" 
+    resources:
+    - services
+    - endpoints
+    - secrets
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - ingresses
+    verbs:
+    - get
+    - list
+    - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: traefik-ingress-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-ingress-controller
+subjects:
+- kind: ServiceAccount
+  name: traefik-ingress-controller
+  namespace: kube-system

nwp-lab11-1.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nwp-nginx
+  namespace: default
+  labels: 
+    app: nginx
+spec:
+  containers:
+  - name: nwp-nginx
+    image: nginx:1.17
+...
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nwp-busybox
+  namespace: nwp-namespace
+  labels:
+    app: sleepy
+spec:
+  containers:
+  - name: nwp-busybox
+    image: busybox
+    command:
+    - sleep
+    - "3600"

nwp-lab11-2.yaml

@@ -0,0 +1,11 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: default
+  name: deny-from-other-namespaces
+spec:
+  podSelector:
+    matchLabels:
+  ingress:
+  - from:
+    - podSelector: {}

nwp-lesson15.yaml

@@ -0,0 +1,17 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: only-allow-from-busybox-secure-ns
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      app: web
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          type: secure
+      podSelector:
+        matchLabels:
+          type: monitoring