Skip to content

Instantly share code, notes, and snippets.

@dkeightley

dkeightley/pod-network-failure.yml

Last active March 1, 2023 20:36
Show Gist options
  • Save dkeightley/64473336cb504191b5b8027081ffc332 to your computer and use it in GitHub Desktop.
Save dkeightley/64473336cb504191b5b8027081ffc332 to your computer and use it in GitHub Desktop.
Download ZIP
pod-network-failure.yml
Raw
pod-network-failure.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: working-nginx
spec:
selector:
matchLabels:
name: working-nginx
replicas: 1
template:
metadata:
labels:
name: working-nginx
service: pod-network-test
netpol: "false"
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: broken-nginx
spec:
selector:
matchLabels:
name: broken-nginx
replicas: 1
template:
metadata:
labels:
name: broken-nginx
service: pod-network-test
netpol: "true"
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: pod-network-test
labels:
service: pod-network-test
spec:
ports:
- port: 80
protocol: TCP
selector:
service: pod-network-test
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pod-network-test
# annotations:
# nginx.ingress.kubernetes.io/proxy-next-upstream: "off"
spec:
rules:
- host: "pod-network-test.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: pod-network-test
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-broken-nginx-ingress
spec:
podSelector:
matchLabels:
netpol: "true"
policyTypes:
- Ingress
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment