Add network policy test

2021-10-10 17:04:29 +09:00 · 2021-10-10 17:04:29 +09:00 · f128bf8f38
commit f128bf8f38
parent 3bdcadb118
1 changed files with 97 additions and 0 deletions
--- a/generic/pod-network-policy.yaml
+++ b/generic/pod-network-policy.yaml
@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: memcached-deployment
+spec:
+  selector:
+    matchLabels:
+      app: memcached-test
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: memcached-test
+    spec:
+      containers:
+      - name: memcache
+        image: memcached:1.6.12-alpine
+        ports:
+        - containerPort: 11211
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: test-network-policy
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      app: memcached-test
+  policyTypes:
+  - Ingress
+  - Egress
+  ingress:
+  - from:
+    # - ipBlock:
+    #     cidr: 172.17.0.0/16
+    #     except:
+    #     - 172.17.1.0/24
+    # - namespaceSelector:
+    #     matchLabels:
+    #       project: myproject
+    - podSelector:
+        matchLabels:
+          app: myapp
+          role: frontend
+    ports:
+    - protocol: TCP
+      port: 11211
+  # egress:
+  # - to:
+  #   - ipBlock:
+  #       cidr: 10.0.0.0/24
+  #   ports:
+  #   - protocol: TCP
+  #     port: 5978
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: alpine-memcached-sleep-access
+  labels:
+    app: myapp
+    role: frontend
+spec:
+  containers:
+  - name: alpine
+    image: alpine:3.14
+    args:
+    - sleep
+    - "1000000"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: alpine-memcached-sleep-noaccess
+  labels:
+    app: myapp
+    role: notfrontend
+spec:
+  containers:
+  - name: alpine
+    image: alpine:3.14
+    args:
+    - sleep
+    - "1000000"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: memcache-service
+spec:
+  selector:
+    app: memcached-test
+  ports:
+    - protocol: TCP
+      port: 11211