apiVersion: apps/v1
kind: Deployment
metadata:
  name: memcached-deployment
spec:
  selector:
    matchLabels:
      app: memcached-test
  replicas: 1
  template:
    metadata:
      labels:
        app: memcached-test
    spec:
      containers:
      - name: memcache
        image: memcached:1.6.12-alpine
        ports:
        - containerPort: 11211
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: memcached-test
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    # - ipBlock:
    #     cidr: 172.17.0.0/16
    #     except:
    #     - 172.17.1.0/24
    # - namespaceSelector:
    #     matchLabels:
    #       project: myproject
    - podSelector:
        matchLabels:
          app: myapp
          role: frontend
    ports:
    - protocol: TCP
      port: 11211
  # egress:
  # - to:
  #   - ipBlock:
  #       cidr: 10.0.0.0/24
  #   ports:
  #   - protocol: TCP
  #     port: 5978

---
apiVersion: v1
kind: Pod
metadata:
  name: alpine-memcached-sleep-access
  labels:
    app: myapp
    role: frontend
spec:
  containers:
  - name: alpine
    image: alpine:3.14
    args:
    - sleep
    - "1000000"
---
apiVersion: v1
kind: Pod
metadata:
  name: alpine-memcached-sleep-noaccess
  labels:
    app: myapp
    role: notfrontend
spec:
  containers:
  - name: alpine
    image: alpine:3.14
    args:
    - sleep
    - "1000000"
---
apiVersion: v1
kind: Service
metadata:
  name: memcache-service
spec:
  selector:
    app: memcached-test
  ports:
    - protocol: TCP
      port: 11211