Baremetal OpenShift 4.2.0

$ oc version
Client Version: openshift-clients-4.3.0-201909231341
Server Version: 4.2.0
Kubernetes Version: v1.14.6+2e5ed54

Deploy demo application

oc new-project np-test

oc new-app nginx-example
oc logs -f bc/nginx-example
# After build is done
oc scale dc/nginx-example --replicas=2

Setup network policy "default-deny"

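oc create -f - <<EOF
# extensions/v1beta1 is still served on Kubernetes 1.14; from 1.16 on, use networking.k8s.io/v1
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: deny-by-default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
EOF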

Check connection

oc get pods -o wide -l app=nginx-example
NAME                    READY   STATUS    RESTARTS   AGE    IP            NODE        NOMINATED NODE   READINESS GATES
nginx-example-1-ls67j   1/1     Running   0          6d1h   compute-0   <none>           <none>
nginx-example-1-ssqnf   1/1     Running   0          38s   compute-1   <none>           <none>
$ oc rsh nginx-example-1-ls67j curl -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Sun, 17 Nov 2019 17:41:36 GMT
Content-Type: text/html
Content-Length: 37451
Last-Modified: Mon, 11 Nov 2019 16:14:50 GMT
Connection: keep-alive
ETag: "5dc988fa-924b"
Accept-Ranges: bytes

$ oc rsh nginx-example-1-ls67j curl -I


Source             Target             Expected result   Result
pod on compute-0   pod on compute-0   FAIL              PASS
pod on compute-0   pod on compute-1   FAIL              FAIL

Normal behavior because:

oc rsh nginx-example-1-ls67j cat /proc/net/fib_trie | grep "|--"   | egrep -v "| 127."
     |-- is at the end "localhost"
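
In the same-node row above, the only pod on compute-0 is both source and target, and the fib_trie check lists that address as local to the pod. As an added example (not part of the original gist), the script below reads a fib_trie dump and reports whether a curl target is the source pod's own address, in which case the request never leaves the pod and is not a NetworkPolicy test. The sample dump and its IP addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of /proc/net/fib_trie from inside a pod (addresses are made up).
sample_fib_trie() {
cat <<'EOF'
Main:
  +-- 0.0.0.0/0 3 0 5
     |-- 0.0.0.0
        /0 universal UNICAST
     +-- 10.129.2.0/23 2 0 2
        |-- 10.129.2.0
           /32 link BROADCAST
           /23 link UNICAST
        |-- 10.129.2.15
           /32 host LOCAL
     +-- 127.0.0.0/8 2 0 2
        |-- 127.0.0.0
           /32 link BROADCAST
           /8 host LOCAL
        |-- 127.0.0.1
           /32 host LOCAL
EOF
}

# Print every address the kernel treats as local to this network namespace.
# A "|-- ADDR" leaf followed by "/32 host LOCAL" is an address owned by the pod.
local_addrs() {
    tr -d '\r' |
        awk '$1 == "|--" { addr = $2 } /\/32 host LOCAL/ { print addr }' |
        sort -u
}

# Succeeds when target $1 is one of the local addresses read from stdin.
is_self_target() {
    local_addrs | grep -qxF -- "$1"
}

# Classify two constructed targets: the pod's own IP and a pod on another node.
for ip in 10.129.2.15 10.128.4.20; do
    if sample_fib_trie | is_self_target "$ip"; then
        echo "$ip: local to the source pod, not a NetworkPolicy test"
    else
        echo "$ip: remote, result reflects the NetworkPolicy"
    fi
done
```

Against a live pod, pipe the output of `oc rsh nginx-example-1-ls67j cat /proc/net/fib_trie` into `is_self_target` with the address you intend to curl.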
