From dc0e678be82a3c878e06906363030bc56fd10015 Mon Sep 17 00:00:00 2001
From: Tiexin Guo
Date: Sun, 19 Dec 2021 14:54:52 +0800
Subject: [PATCH] feat: network separtion by namespaces
---
deploy-namespace-separation.yaml | 51 +++++++++++++++++++++++++++++++
testpod-namespace-separation.yaml | 11 +++++++
2 files changed, 62 insertions(+)
create mode 100644 deploy-namespace-separation.yaml
create mode 100644 testpod-namespace-separation.yaml
diff --git a/deploy-namespace-separation.yaml b/deploy-namespace-separation.yaml
new file mode 100644
index 0000000..c0dc775
--- /dev/null
+++ b/deploy-namespace-separation.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: namespace-a
+ labels:
+ team: a
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: namespace-b
+ labels:
+ team: b
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: k8s-security-demo
+ namespace: namespace-a
+ labels:
+ app: k8s-security-demo
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: k8s-security-demo
+ template:
+ metadata:
+ labels:
+ app: k8s-security-demo
+ spec:
+ containers:
+ - name: hello
+ image: ironcore864/k8s-security-demo:pod-as-non-root
+ ports:
+ - containerPort: 8080
+ securityContext:
+ runAsNonRoot: True
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: k8s-security-demo
+ namespace: namespace-a
+spec:
+ selector:
+ app: k8s-security-demo
+ ports:
+ - port: 80
+ targetPort: 8080
diff --git a/testpod-namespace-separation.yaml b/testpod-namespace-separation.yaml
new file mode 100644
index 0000000..8627059
--- /dev/null
+++ b/testpod-namespace-separation.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: testpod
+ namespace: namespace-b
+spec:
+ containers:
+ - name: curl
+ image: curlimages/curl
+ command: [ "sleep", "600" ]
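Review bot: Nothing in deploy-namespace-separation.yaml restricts traffic between `namespace-a` and `namespace-b`: the file creates two labelled namespaces, a Deployment and a Service but no NetworkPolicy, and Kubernetes namespaces do not isolate pod traffic on their own. If this commit is meant to deliver the separation its title names, a policy in `namespace-a` that admits ingress only from namespaces labelled `team: a` would do it, as sketched below; the policy name is constructed, and enforcement depends on a CNI plugin that implements NetworkPolicy. If the policy is deliberately left to a later commit, a comment at the top of the file saying so would keep the manifest from being read as an isolated setup. Separately, `runAsNonRoot: True` is better written as `runAsNonRoot: true`.

```yaml
# … unchanged: Namespace, Deployment and Service documents …
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-team-only  # constructed name
  namespace: namespace-a
spec:
  # empty selector: the policy applies to every pod in namespace-a
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              team: a
```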
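Review bot: `image: curlimages/curl` in testpod-namespace-separation.yaml carries no tag or digest, so the pod runs whatever `latest` resolves to when it is scheduled; pin it, for example `image: curlimages/curl:<pinned-tag>` (placeholder, use the version you have vetted). The `curl` container also sets no `securityContext`, unlike the Deployment in the other file. Adding `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` under the container would keep the test pod at the same baseline as the workload it probes.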