```bash kubectl run nginx --image=nginx --restart=Never --port=80 --expose # observe that a pod as well as a service are created ```
```bash kubectl get svc nginx # services kubectl get ep # endpoints ```
```bash kubectl get svc nginx # get the IP (something like 10.108.93.130) kubectl run busybox --rm --image=busybox -it --restart=Never -- sh wget -O- IP:80 exit ```
or```bash IP=$(kubectl get svc nginx --template={{.spec.clusterIP}}) # get the IP (something like 10.108.93.130) kubectl run busybox --rm --image=busybox -it --restart=Never --env="IP=$IP" -- wget -O- $IP:80 --timeout 2 # Tip: --timeout is optional, but it helps to get answer more quickly when connection fails (in seconds vs minutes) ```
```bash
kubectl edit svc nginx
```
```yaml
apiVersion: v1
kind: Service
metadata:
creationTimestamp: 2018-06-25T07:55:16Z
name: nginx
namespace: default
resourceVersion: "93442"
selfLink: /api/v1/namespaces/default/services/nginx
uid: 191e3dac-784d-11e8-86b1-00155d9f663c
spec:
clusterIP: 10.97.242.220
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
run: nginx
sessionAffinity: None
type: NodePort # change cluster IP to nodeport
status:
loadBalancer: {}
```
```bash
kubectl get svc
```
```
# result:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1
```bash kubectl create deploy foo --image=dgkanatsios/simpleapp --port=8080 --replicas=3 ```
```bash kubectl get pods -l app=foo -o wide # 'wide' will show pod IPs kubectl run busybox --image=busybox --restart=Never -it --rm -- sh wget -O- POD_IP:8080 # do not try with pod name, will not work # try hitting all IPs to confirm that hostname is different exit ```
```bash kubectl expose deploy foo --port=6262 --target-port=8080 kubectl get service foo # you will see ClusterIP as well as port 6262 kubectl get endpoints foo # you will see the IPs of the three replica nodes, listening on port 8080 ```
```bash kubectl get svc # get the foo service ClusterIP kubectl run busybox --image=busybox -it --rm --restart=Never -- sh wget -O- foo:6262 # DNS works! run it many times, you'll see different pods responding wget -O- SERVICE_CLUSTER_IP:6262 # ClusterIP works as well # you can also kubectl logs on deployment pods to see the container logs kubectl delete svc foo kubectl delete deploy foo ```
```bash kubectl create deployment nginx --image=nginx --replicas=2 kubectl expose deployment nginx --port=80 kubectl describe svc nginx # see the 'app=nginx' selector for the pods # or kubectl get svc nginx -o yaml vi policy.yaml ``` ```YAML kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: access-nginx # pick a name spec: podSelector: matchLabels: app: nginx # selector for the pods ingress: # allow ingress traffic - from: - podSelector: # from pods matchLabels: # with this label access: granted ``` ```bash # Create the NetworkPolicy kubectl create -f policy.yaml # Check if the Network Policy has been created correctly # make sure that your cluster's network provider supports Network Policy (https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/#before-you-begin) kubectl run busybox --image=busybox --rm -it --restart=Never -- wget -O- http://nginx:80 --timeout 2 # This should not work. --timeout is optional here. But it helps to get answer more quickly (in seconds vs minutes) kubectl run busybox --image=busybox --rm -it --restart=Never --labels=access=granted -- wget -O- http://nginx:80 --timeout 2 # This should be fine ```