HSBC 11-12/08/2021

# HSBC 11-12/08/2021 ## Trainers [Rafael Tanaka](mailto:rafael.tanaka@jetstack.io) [William Squires](mailto:william.squires@jetstack.io) ## Setup | Meeting ID | Password | | ---------- | ---------- | | 819 8338 5022 | to confirm | ### Links - [Download Zoom](https://zoom.us/download#client_4meeting) - [This Doc]() - [FlightDeck](https://flightdeck.jetstack.io) - you should have received an invitation email ## Schedule (BST) | | | |--|--| |Start|9:30| |Morning break|11:00-11:10| |Lunch|12:15-13:15| |Afternoon break|15:10-15:20| |Finish|17:00| ## Attendee Resources Domains needed for the workshop **06-Istio OIDC Authentication**: Before proceeding with the workshop please verify that both of your domains are pointing to the Istio Ingress Gateway: How do I check the Istio Gateway IP address?: ```bash= kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}' ``` You can perform a DNS lookup right [here](https://www.whatsmydns.net/) Make sure they domains match your Ingress gateway, if they do not speak to Rafael before proceeding with the workshop. kiali-david.inflight.jetstack.net dex-david.inflight.jetstack.net kiali-easwaran.inflight.jetstack.net dex-easwaran.inflight.jetstack.net kiali-jack.inflight.jetstack.net dex-jack.inflight.jetstack.net kiali-kamlesh.inflight.jetstack.net dex-kamlesh.inflight.jetstack.net kiali-karundeep.inflight.jetstack.net dex-karundeep.inflight.jetstack.net kiali-luka.inflight.jetstack.net dex-luka.inflight.jetstack.net kiali-luke.inflight.jetstack.net dex-luke.inflight.jetstack.net kiali-max.inflight.jetstack.net dex-max.inflight.jetstack.net kiali-nick.inflight.jetstack.net dex-nick.inflight.jetstack.net kiali-pradeep.inflight.jetstack.net dex-pradeep.inflight.jetstack.net kiali-prashant.inflight.jetstack.net dex-prashant.inflight.jetstack.net kiali-sandromar.inflight.jetstack.net dex-sandromar.inflight.jetstack.net kiali-scott.inflight.jetstack.net dex-scott.inflight.jetstack.net kiali-steven.inflight.jetstack.net dex-steven.inflight.jetstack.net kiali-yaswanth.inflight.jetstack.net dex-yaswanth.inflight.jetstack.net # Please add your personal email address below: prashantvaddadi@gmail.com kamleshkarath@gmail.com robin.gileborg@jetstack.io jackwillfly@gmail.com surovich@gmail.com David.Wallace@struie.com karunbains@gmail.com steven.f.lau@gmail.com reachyaswanth@gmail.com maxmqluo@gmail.com luka@evriala.net evil_duol@yahoo.com (Sandro) hand_qq@126.com pmenon53@gmail.com neelakandaneash@gmail.com # 03 - Let me in Network Policy ### Team 1 paste your Netpol here: ```yaml= apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: product-page-ingress namespace: netpol spec: podSelector: matchLabels: app: productpage ingress: - ports: - protocol: TCP port: 9080 from: - podSelector: matchLabels: istio: ingress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-egress-to-details spec: podSelector: matchLabels: app: details policyTypes: - Egress egress: - to: - namespaceSelector: matchLabels: netpol: "true" ports: - protocol: TCP port: 9080 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-egress-to-review spec: podSelector: matchLabels: app: reviews policyTypes: - Egress egress: - to: - namespaceSelector: matchLabels: netpol: "true" ports: - protocol: TCP port: 9080 ``` ### Team 2 paste your Netpol here: ```yaml= apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: productpage-policy namespace: netpol spec: podSelector: matchLabels: app: productpage ingress: - from: - podSelector: matchExpressions: - key: app operator: In values: - istio-ingressgateway egress: - to: - podSelector: matchExpressions: - key: app operator: In values: - reviews - details ``` ### Team 3 paste your Netpol here: ```yaml= apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: test-network-policy namespace: netpol spec: podSelector: matchLabels: app: productpage version: v1 policyTypes: - Ingress - Egress ingress: - from: - namespaceSelector: matchLabels: namespace: istio-system - to: - podSelector: matchLabels: app: details version: v1 - podSelector: matchLabels: app: reviews version: v1 - podSelector: matchLabels: app: reviews version: v2 - podSelector: matchLabels: app: reviews version: v3 - namespaceSelector: {} podSelector: matchLabels: k8s-app: kube-dns ports: - port: 53 protocol: UDP - namespaceSelector: matchLabels: namespace: istio-system ``` ### Team 4 paste your Netpol here: ```yaml= apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-egress-to-istio-system-and-kube-dns spec: podSelector: {} policyTypes: - Egress egress: - to: - namespaceSelector: matchLabels: kube-system: "true" ports: - protocol: UDP port: 53 - to: - namespaceSelector: matchLabels: istio: system ```