From 3214fac17c7ec33be32fbf003fa375735c01dd88 Mon Sep 17 00:00:00 2001
From: Michele Cereda
Date: Fri, 4 Aug 2023 00:22:05 +0200
Subject: [PATCH] feat: k8s network policies examples
---
.../global.deny-all-but-kube-dns.yaml | 19 +++++++++++++++++++
.../namespace.allow-everything.yaml | 12 ++++++++++++
knowledge base/kubernetes/network policies.md | 1 +
3 files changed, 32 insertions(+)
create mode 100644 examples/kubernetes/network policies/global.deny-all-but-kube-dns.yaml
create mode 100644 examples/kubernetes/network policies/namespace.allow-everything.yaml
diff --git a/examples/kubernetes/network policies/global.deny-all-but-kube-dns.yaml b/examples/kubernetes/network policies/global.deny-all-but-kube-dns.yaml
new file mode 100644
index 0000000..6da254e
--- /dev/null
+++ b/examples/kubernetes/network policies/global.deny-all-but-kube-dns.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: GlobalNetworkPolicy
+metadata:
+ name: deny-all-but-kube-dns
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress: []
+ egress:
+ - to:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ k8s-app: kube-dns
+ ports:
+ - port: 53
+ protocol: UDP
diff --git a/examples/kubernetes/network policies/namespace.allow-everything.yaml b/examples/kubernetes/network policies/namespace.allow-everything.yaml
new file mode 100644
index 0000000..26f43c5
--- /dev/null
+++ b/examples/kubernetes/network policies/namespace.allow-everything.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-everything-in-same-namespace
+spec:
+ podSelector: {}
+ ingress:
+ - from:
+ - podSelector: {}
+ egress:
+ - to:
+ - podSelector: {}
diff --git a/knowledge base/kubernetes/network policies.md b/knowledge base/kubernetes/network policies.md
index 25b2e26..9fb78c2 100644
--- a/knowledge base/kubernetes/network policies.md
+++ b/knowledge base/kubernetes/network policies.md
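Review bot: `kind: GlobalNetworkPolicy` under `apiVersion: networking.k8s.io/v1` is not a kind that API group defines, so the API server should reject this manifest on apply ("no matches for kind"); upstream Kubernetes only has the namespace-scoped `NetworkPolicy`, and the cluster-wide `GlobalNetworkPolicy` is a Calico CRD under `projectcalico.org/v3` with a different spec schema (`selector`/`types`/per-rule `action`, not `podSelector`/`policyTypes`). For a portable default-deny the file should be `kind: NetworkPolicy` with an explicit `metadata.namespace` and be applied once per namespace, or be rewritten against the Calico schema with the apiVersion changed to match. Two caveats worth a comment in the file: DNS falls back to TCP for responses that do not fit in a UDP datagram, so an egress exception allowing only `protocol: UDP` on port 53 can break resolution, and `namespaceSelector: {}` lets any pod labelled `k8s-app: kube-dns` in any namespace receive that egress, whereas `namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: kube-system}}` pins the exception to the real resolver.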
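Review bot: The file name says `allow-everything`, but the policy restricts egress to pods in the same namespace: `egress: - to: - podSelector: {}` only selects pods in the policy's own namespace, so once it is applied, pods lose egress to kube-dns in kube-system and to anything outside the cluster unless another policy grants it (rules are additive, and because an `egress` section is present, Egress is implicitly included in `policyTypes`). A header comment such as `# Allows all pod-to-pod traffic within this namespace only; egress elsewhere (including DNS) needs a separate policy.` would keep the example from being mistaken for a no-op. Stating `policyTypes: [Ingress, Egress]` in `spec` and an explicit `metadata.namespace` would also make the intent explicit and stop the policy from landing in whatever namespace the current kubectl context points at.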
@@ -40,6 +40,7 @@ All the references in the [further readings] section, plus the following:
 [an introduction to kubernetes network policies for security people]: https://reuvenharrison.medium.com/an-introduction-to-kubernetes-network-policies-for-security-people-ba92dd4c809d
 [get started with kubernetes network policy]: https://docs.tigera.io/calico/latest/network-policy/get-started/kubernetes-policy/kubernetes-network-policy
+[graphical editor]: https://editor.networkpolicy.io/
 [implementing kubernetes network policies: a comprehensive guide]: https://blog.kubesimplify.com/implementing-kubernetes-network-policies-a-comprehensive-guide
 [kubernetes network policy recipes]: https://github.com/ahmetb/kubernetes-network-policy-recipes
 [setting up kubernetes network policies: a detailed guide]: https://www.cncf.io/blog/2019/04/19/setting-up-kubernetes-network-policies-a-detailed-guide/