asksven · April 13, 2020 14:28
diff --git a/deployment-final.yaml b/deployment-final.yaml
 kind: List
 apiVersion: v1
 items:
 - apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: traefik
    name: status
  spec:
    rules:
    - host: kccss-final.yourdomain.tld
      http:
        paths:
        - backend:
            serviceName: nginx-svc
            servicePort: 80
 - apiVersion: v1
  kind: Service
  metadata:
    name: nginx-svc
  spec:
    ports:
    - port: 80
      protocol: TCP
      targetPort: 8080
    selector:
      app: nginx
    sessionAffinity: None
    type: ClusterIP
 - apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: nginx
    name: nginx-deployment
  spec:
    progressDeadlineSeconds: 600
    replicas: 2
    revisionHistoryLimit: 2
    selector:
      matchLabels:
        app: nginx
    strategy:
      rollingUpdate:
        maxSurge: 25%
        maxUnavailable: 25%
      type: RollingUpdate
    template:
      metadata:
        labels:
          app: nginx
      spec:
        securityContext:
          runAsUser: 999
        containers:
        - image: nginxinc/nginx-unprivileged:latest
          imagePullPolicy: Always
          name: nginx
          ports:
          - containerPort: 8080
            protocol: TCP
          securityContext:
            capabilities:
              drop:
                - NET_RAW
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          resources:
            limits:
              cpu: "100m"
              memory: "10Mi"
            requests:
              cpu: "80m"
              memory: "4Mi"             
          volumeMounts:
          - mountPath: /tmp
            name: tmp                    
        volumes:
        - emptyDir: {}
          name: tmp             
 - apiVersion: networking.k8s.io/v1          
  kind: NetworkPolicy
  metadata:
    name: web-allow-ingress
  spec:
    podSelector:
      matchLabels:
        app: nginx
    ingress:
    - ports:
      - port: 80           
    - from:      
      - namespaceSelector:
          matchLabels:
            purpose: ingress
 - kind: NetworkPolicy
  apiVersion: networking.k8s.io/v1
  metadata:
    name: default-deny-all-egress
  spec:
    policyTypes:
    - Egress
    podSelector: {}
    egress: []
	kind: List
	apiVersion: v1
	items:
	- apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	annotations:
	kubernetes.io/ingress.class: traefik
	name: status
	spec:
	rules:
	- host: kccss-final.yourdomain.tld
	http:
	paths:
	- backend:
	serviceName: nginx-svc
	servicePort: 80
	- apiVersion: v1
	kind: Service
	metadata:
	name: nginx-svc
	spec:
	ports:
	- port: 80
	protocol: TCP
	targetPort: 8080
	selector:
	app: nginx
	sessionAffinity: None
	type: ClusterIP
	- apiVersion: apps/v1
	kind: Deployment
	metadata:
	labels:
	app: nginx
	name: nginx-deployment
	spec:
	progressDeadlineSeconds: 600
	replicas: 2
	revisionHistoryLimit: 2
	selector:
	matchLabels:
	app: nginx
	strategy:
	rollingUpdate:
	maxSurge: 25%
	maxUnavailable: 25%
	type: RollingUpdate
	template:
	metadata:
	labels:
	app: nginx
	spec:
	securityContext:
	runAsUser: 999
	containers:
	- image: nginxinc/nginx-unprivileged:latest
	imagePullPolicy: Always
	name: nginx
	ports:
	- containerPort: 8080
	protocol: TCP
	securityContext:
	capabilities:
	drop:
	- NET_RAW
	runAsNonRoot: true
	allowPrivilegeEscalation: false
	readOnlyRootFilesystem: true
	resources:
	limits:
	cpu: "100m"
	memory: "10Mi"
	requests:
	cpu: "80m"
	memory: "4Mi"
	volumeMounts:
	- mountPath: /tmp
	name: tmp
	volumes:
	- emptyDir: {}
	name: tmp
	- apiVersion: networking.k8s.io/v1
	kind: NetworkPolicy
	metadata:
	name: web-allow-ingress
	spec:
	podSelector:
	matchLabels:
	app: nginx
	ingress:
	- ports:
	- port: 80
	- from:
	- namespaceSelector:
	matchLabels:
	purpose: ingress
	- kind: NetworkPolicy
	apiVersion: networking.k8s.io/v1
	metadata:
	name: default-deny-all-egress
	spec:
	policyTypes:
	- Egress
	podSelector: {}
	egress: []