Initial commit
This commit is contained in:
commit
a267b572a3
GPG key ID:
821AEE0FD167FBDF
23 changed files with 2173 additions and 0 deletions
63
test/http-sw/http-sw-app.yaml
Normal file
63
test/http-sw/http-sw-app.yaml
Normal file
|
|
@ -0,0 +1,63 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: deathstar
|
||||
labels:
|
||||
app.kubernetes.io/name: deathstar
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
selector:
|
||||
org: empire
|
||||
class: deathstar
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: deathstar
|
||||
labels:
|
||||
app.kubernetes.io/name: deathstar
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
org: empire
|
||||
class: deathstar
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
org: empire
|
||||
class: deathstar
|
||||
app.kubernetes.io/name: deathstar
|
||||
spec:
|
||||
containers:
|
||||
- name: deathstar
|
||||
image: docker.io/cilium/starwars
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: tiefighter
|
||||
labels:
|
||||
org: empire
|
||||
class: tiefighter
|
||||
app.kubernetes.io/name: tiefighter
|
||||
spec:
|
||||
containers:
|
||||
- name: spaceship
|
||||
image: docker.io/tgraf/netperf
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: xwing
|
||||
labels:
|
||||
app.kubernetes.io/name: xwing
|
||||
org: alliance
|
||||
class: xwing
|
||||
spec:
|
||||
containers:
|
||||
- name: spaceship
|
||||
image: docker.io/tgraf/netperf
|
||||
22
test/http-sw/sw_l3_l4_l7_policy.yaml
Normal file
22
test/http-sw/sw_l3_l4_l7_policy.yaml
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
apiVersion: "cilium.io/v2"
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: "rule1"
|
||||
spec:
|
||||
description: "L7 policy to restrict access to specific HTTP call"
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
org: empire
|
||||
class: deathstar
|
||||
ingress:
|
||||
- fromEndpoints:
|
||||
- matchLabels:
|
||||
org: empire
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "80"
|
||||
protocol: TCP
|
||||
rules:
|
||||
http:
|
||||
- method: "POST"
|
||||
path: "/v1/request-landing"
|
||||
18
test/http-sw/sw_l3_l4_policy.yaml
Normal file
18
test/http-sw/sw_l3_l4_policy.yaml
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
apiVersion: "cilium.io/v2"
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: "rule1"
|
||||
spec:
|
||||
description: "L3-L4 policy to restrict deathstar access to empire ships only"
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
org: empire
|
||||
class: deathstar
|
||||
ingress:
|
||||
- fromEndpoints:
|
||||
- matchLabels:
|
||||
org: empire
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "80"
|
||||
protocol: TCP
|
||||
Loading…
Add table
Add a link
Reference in a new issue