@fredrb
Last active August 22, 2023 08:26
  1. Deploy ACS to the cluster
  2. Create a new namespace to test the workloads
```
kubectl create ns test
```
  3. Create a server with a restrictive network policy (e.g. block all traffic)
```yaml
# server.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
---
# Selects the app=nginx pods and lists both policy types with no rules,
# so all ingress and egress traffic for those pods is denied.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: deny-all
spec:
  podSelector:
    matchLabels:
      app: nginx
  policyTypes:
  - Ingress
  - Egress
```
```
kubectl -n test apply -f ./server.yaml
```
  4. Check the server's pod IP
```
kubectl -n test get pods -o wide
```
  5. Create another pod that tries to communicate with it directly.
```
kubectl -n test run my-netflow --rm -i --tty --image quay.io/rhacs-demo/netflow -- -connect <POD_IP>:80
```
  6. Validate that the logs show an error message (not able to connect to server)
  7. Validate what is being shown in the Network Graph. There should be no edge between the two nodes.
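
A precondition check for the two validation steps, added here as an example and not part of the original gist: it reads the JSON from `kubectl -n test get networkpolicy,pods -o json` and reports in which directions a pod is isolated with no allow rule, so a missing edge can be attributed to the policy. The sample JSON, the pod name suffix and the function names are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of
# `kubectl -n test get networkpolicy,pods -o json` after applying server.yaml.
SAMPLE = json.loads("""
{"items": [
  {"kind": "NetworkPolicy", "metadata": {"name": "deny-all"},
   "spec": {"podSelector": {"matchLabels": {"app": "nginx"}},
            "policyTypes": ["Ingress", "Egress"]}},
  {"kind": "Pod", "metadata": {"name": "nginx-deployment-abc",
                               "labels": {"app": "nginx"}}},
  {"kind": "Pod", "metadata": {"name": "my-netflow",
                               "labels": {"run": "my-netflow"}}}
]}
""")

def selects(selector, labels):
    """True if a label selector matches the pod labels ({} matches every pod)."""
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, values = expr["key"], expr.get("values", [])
        ok = {"In": labels.get(key) in values,
              "NotIn": labels.get(key) not in values,
              "Exists": key in labels,
              "DoesNotExist": key not in labels}[expr["operator"]]
        if not ok:
            return False
    return True

def blocked_directions(objects, pod_name):
    """Directions in which the pod is isolated and no policy rule allows traffic."""
    items = objects["items"]
    pod = next(o for o in items if o["kind"] == "Pod" and o["metadata"]["name"] == pod_name)
    labels = pod["metadata"].get("labels", {})
    isolated, allowed = set(), set()
    for pol in (o for o in items if o["kind"] == "NetworkPolicy"):
        spec = pol["spec"]
        if not selects(spec.get("podSelector", {}), labels):
            continue
        # API defaulting: Ingress always, Egress only when egress rules are present.
        types = spec.get("policyTypes") or ["Ingress"] + (["Egress"] if spec.get("egress") else [])
        for direction in types:
            isolated.add(direction)
            if spec.get(direction.lower()):  # policies are additive: any rule re-opens traffic
                allowed.add(direction)
    return sorted(isolated - allowed)
```

For the server pod the expected result is both directions; an empty list means a connection error from the client pod has some other cause. The policy also only takes effect when the cluster's network plugin enforces NetworkPolicy.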