network policy section has been added

Author: ozgurozturknet

networkpolicy/README.md

@@ -0,0 +1,28 @@
+# Network Policy
+
+## Minikube
+
+* Minikube'u calico plug-in'iyle başlat
+
+```
+$ minikube start --cpus 4 --memory 6144 --cni=calico --container-runtime=docker --host-only-cidr=172.17.17.1/24
+```
+
+* Podları ve namespaceleri oluştur
+
+```
+$ kubectl apply -f deploy.yaml
+```
+
+* Network Policy deploy et
+```
+$ kubectl apply -f policy.yaml
+```
+
+* Poda'ya bağlan ve sadece 1.1.1.1'e 80 portundan gidebildiğini başka yere gidemediğini teyit et
+
+```
+$ kubectl exec -it -n ns-a poda -- bash
+```
+
+* PodB ve Frontend podlarından pod'a 80 portundan gidebildiğini teyit et. PodC'den ise gidemeyeceksin.

networkpolicy/deploy.yaml

@@ -0,0 +1,124 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: ns-a
+  labels:
+    team: a
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: ns-b
+  labels:
+    team: b
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: ns-c
+  labels:
+    team: c
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: poda
+  namespace: ns-a
+  labels:
+    team: a
+spec:
+  containers:
+  - name: containera
+    image: ozgurozturknet/k8s:v1
+    ports:
+    - containerPort: 80
+    livenessProbe:
+      httpGet:
+        path: /healthcheck
+        port: 80
+      initialDelaySeconds: 5
+      periodSeconds: 5
+    readinessProbe:
+      httpGet:
+        path: /ready
+        port: 80
+      initialDelaySeconds: 20
+      periodSeconds: 3
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: podb
+  namespace: ns-b
+  labels:
+    team: b
+spec:
+  containers:
+  - name: containerb
+    image: ozgurozturknet/k8s:v1
+    ports:
+    - containerPort: 80
+    livenessProbe:
+      httpGet:
+        path: /healthcheck
+        port: 80
+      initialDelaySeconds: 5
+      periodSeconds: 5
+    readinessProbe:
+      httpGet:
+        path: /ready
+        port: 80
+      initialDelaySeconds: 20
+      periodSeconds: 3
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: podc
+  namespace: ns-c
+  labels:
+    team: c
+spec:
+  containers:
+  - name: containerc
+    image: ozgurozturknet/k8s:v1
+    ports:
+    - containerPort: 80
+    livenessProbe:
+      httpGet:
+        path: /healthcheck
+        port: 80
+      initialDelaySeconds: 5
+      periodSeconds: 5
+    readinessProbe:
+      httpGet:
+        path: /ready
+        port: 80
+      initialDelaySeconds: 20
+      periodSeconds: 3
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: frontend
+  namespace: ns-a
+  labels:
+    app: frontend
+spec:
+  containers:
+  - name: frontend
+    image: ozgurozturknet/k8s:v1
+    ports:
+    - containerPort: 80
+    livenessProbe:
+      httpGet:
+        path: /healthcheck
+        port: 80
+      initialDelaySeconds: 5
+      periodSeconds: 5
+    readinessProbe:
+      httpGet:
+        path: /ready
+        port: 80
+      initialDelaySeconds: 20
+      periodSeconds: 3

networkpolicy/policy.yaml

@@ -0,0 +1,34 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: networkpolicy-example
+  namespace: ns-a
+spec:
+  podSelector:
+    matchLabels:
+      team: a
+  policyTypes:
+  - Ingress
+  - Egress
+  ingress:
+  - from:
+    - ipBlock:
+        cidr: 10.11.0.0/16
+        except:
+        - 10.11.1.0/24
+    - namespaceSelector:
+        matchLabels:
+          team: b
+    - podSelector:
+        matchLabels:
+          app: frontend
+    ports:
+    - protocol: TCP
+      port: 80
+  egress:
+  - to:
+    - ipBlock:
+        cidr: 1.1.1.1/32
+    ports:
+    - protocol: TCP
+      port: 80

servicemesh/README.md

@@ -0,0 +1,3 @@
+# Service mesh
+
+--- https://istio.io/latest/docs/setup/getting-started/