19. Basic understanding of Kubernetes NetworkPolicies

Опубликовано: 21 Ноябрь 2024
на канале: iMustLearn

Install Canal:
wget -O canal.yaml https://docs.projectcalico.org/archiv...
kubectl apply -f canal.yaml

** Example:1 **
vi my-nginx-pod.comm.yaml

apiVersion: v1
kind: Pod
metadata:
name: my-nginx-commu-pod
labels:
app: my-nginx-pc
spec:
containers:
name: my-nginx-commu-container
image: nginx
ports:
containerPort: 80

kubectl create -f my-nginx-pod.comm.yaml

** Example:2 **
vi my-busybox-curl-comm.yaml

apiVersion: v1
kind: Pod
metadata:
name: my-busybox-comm-pod
spec:
containers:
name: my-busybox-comm-container
image: radial/busyboxplus:curl
command: ["/bin/sh", "-c", "while true; do sleep 3600; done"]

kubectl create -f my-busybox-curl-comm.yaml

kubectl get pods my-nginx-commu-pod -o wide

kubectl exec my-busybox-comm-pod -- curl [ip address]

** Example:2 **
vi my-pod-networkpolicy.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: my-nginx-comm-np-pod
spec:
podSelector:
matchLabels:
app: my-nginx-pc
policyTypes:
Ingress
Egress
ingress:
from:
podSelector:
matchLabels:
can-i-access: "true"
ports:
protocol: TCP
port: 80
egress:
to:
podSelector:
matchLabels:
can-i-access: "true"
ports:
protocol: TCP
port: 80

kubectl create -f my-pod-networkpolicy.yaml

kubectl get networkpolicies

kubectl exec my-busybox-comm-pod -- curl [ip]

kubectl edit pod my-busybox-comm-pod
*** edit the radial busy box pod definition file to include the label can-i-access
name: my-busybox-comm-pod
namespace: default
resourceVersion: "647811"
selfLink: /api/v1/namespaces/default/pods/my-busybox-comm-pod
uid: c7b60275-4cce-439b-b0be-cded63dea5d1
labels:
can-i-access: "true"
spec:
containers:
command:
/bin/sh
-c
while true; do sleep 3600; done

*******************************
kubectl exec my-busybox-comm-pod -- curl [ip]