The focus of this lab is to become familar with kubernete services and network policies.
-
How many services exist?
-
What are there service type?
-
What is the targetPort configured on
kubernetesservice? -
How many labels are configured on
kubernetesservice? -
How many endpoints are configured on
kubernetesservice? -
Create deployment for lab6-1.yaml
k apply -f lab6-1.yaml -
Create a port-forward to a nginx-service:
k port-forward service/nginx-service 8080:80Did it succeed? -
Create a service named nginx-service, Type: NodePort, port: 80, nodePort: 30080, selector on pods for deployment
-
Recreate port-forward from step 7. Use browser and go to http://localhost:8080
-
Delete and Recreate service as a ClusterIP. Get the ClusterIP
-
Start a bash shell on one of the pods. If the pod is named
webapp-deploy-67bd9888bb-jdkfdrun:k exec -it webapp-deploy-67bd9888bb-jdkfd -- /bin/bashand curl the ClusterIP
-
How many network policies are there?
-
What pod is the network policy applied on?
-
What type of traffic is it setup to handle? Ingress? Egress? Both? Neither?
-
What is true? a. traffic from internal to payroll pod is blocked b. traffic to and from internal pod is blocked c. traffic from internal to payroll pod is allowed d. traffic to and from payroll pod is blocked
-
What is true? a. internal pod can ping payroll pod b. external pod can access port 8080 on payroll pod c. internal pod acan access port 8080 on payroll pod d. external pod can ping payroll pod
-
Create pods for lab6-3.yaml
k apply -f lab6-2.yaml. This has aninternal,externalandpayrollpods. After creating, get pods list with "wide" output and look at IPs for pods. hint:k get pods -o wide -
Assuming a payroll IP of
10.244.0.65, start a shell in external pod with:k exec -it external -- /bin/bashand curl the payroll IP. -
Create a Network Policy for payroll which does NOT allow access to payroll, however internal should have access to payroll. (checking this on "kind" will not work... why?)