@rcarrata
Last active October 14, 2021 13:52
Networking Example - hostNetwork | hostPID | hostIPC | hostPort | NodePort | Capabilities examples
#### Prereqs
kubectl create ns influx
oc adm policy add-scc-to-user anyuid -z default -n influx
#### HostNetwork
# Pods in the host network of a node can communicate with all pods on all nodes without NAT.
# The pod does not get a separate network namespace: it sees the node's entire IP stack.
# https://kubernetes.io/docs/concepts/cluster-administration/networking/#the-kubernetes-network-model
cat <<EOF > /tmp/influxdb-hostnetwork.yaml
apiVersion: v1
kind: Pod
metadata:
  name: influxdbhostnetwork
  namespace: influx
spec:
  hostNetwork: true
  securityContext:
    runAsUser: 0
  containers:
  - name: influxdb
    image: influxdb
EOF
kubectl apply -f /tmp/influxdb-hostnetwork.yaml
sleep 30
kubectl exec -ti -n influx influxdbhostnetwork -- ip ad
#### hostPort:
# Note that the containers are not using port 8086 on the node,
# nor are there any special NAT rules to route traffic to the pod.
# This means you can run multiple nginx pods on the same node all using the same containerPort
# and access them from any other pod or node in your cluster using IP.
# https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#exposing-pods-to-the-cluster
cat <<EOF > /tmp/influxdb-hostPort.yaml
apiVersion: v1
kind: Pod
metadata:
  name: influxdbhostport
  namespace: influx
spec:
  securityContext:
    runAsUser: 0
  containers:
  - name: influxdb
    image: influxdb
    ports:
    - containerPort: 8086
      hostPort: 8086
EOF
kubectl apply -f /tmp/influxdb-hostPort.yaml
sleep 30
kubectl exec -ti -n influx influxdbhostport -- ip ad
# The hostPort setting applies to the Kubernetes containers. The container port
# will be exposed to the external network at hostIP:hostPort, where hostIP is the
# IP address of the Kubernetes node where the container is running and hostPort is
# the port requested by the user. So the hostPort feature exposes a single
# container port on the host IP.
#### NodePort:
cat <<EOF > /tmp/influxdb-NodePort.yaml
apiVersion: v1
kind: Pod
metadata:
  name: influxdbnodeport
  labels:
    name: influxdb
spec:
  containers:
  - name: influxdb
    image: influxdb
    ports:
    - containerPort: 8086
EOF
kubectl apply -f /tmp/influxdb-NodePort.yaml
cat <<EOF > /tmp/influxdb-NodePort-svc.yaml
kind: Service
apiVersion: v1
metadata:
  name: influxdbnodeportsvc
spec:
  type: NodePort
  ports:
  - port: 8086
    nodePort: 30000
  selector:
    name: influxdb
EOF
kubectl apply -f /tmp/influxdb-NodePort-svc.yaml
#### hostPID and hostIPC:
cat <<EOF > /tmp/influxdb-hostPIDandIPC.yaml
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu
  labels:
    app: ubuntu
spec:
  containers:
  - image: ubuntu
    command:
    - "sleep"
    - "3600" # adjust this as needed -- use only as long as you need
    imagePullPolicy: IfNotPresent
    name: ubuntu
    securityContext:
      capabilities:
        add: ["NET_ADMIN", "SYS_ADMIN"] # add the capabilities you need https://man7.org/linux/man-pages/man7/capabilities.7.html
      runAsUser: 0 # run as root (or any other user)
  restartPolicy: Never # we want to be intentional about running this pod
  hostIPC: true # Use the host's ipc namespace https://www.man7.org/linux/man-pages/man7/ipc_namespaces.7.html
  hostPID: true # Use the host's pid namespace
EOF
kubectl apply -f /tmp/influxdb-hostPIDandIPC.yaml
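The settings demonstrated above (hostNetwork, hostPort, hostPID, hostIPC, added capabilities) are exactly what a cluster operator wants to find in a running cluster. The following audit script is an added example, not part of the gist: it reads a `kubectl get pods -A -o json` dump and reports each pod that shares a host namespace, binds a hostPort, or adds capabilities beyond the Pod Security Standards "baseline" allow-list; the embedded sample PodList is constructed from the pod specs on this page.

```python
"""Audit a PodList (kubectl get pods -A -o json) for host-namespace sharing,
hostPort bindings and added Linux capabilities.

Usage: kubectl get pods -A -o json > pods.json && python3 audit_pods.py pods.json
With no argument the constructed SAMPLE below is audited instead."""
import json
import sys

# Capabilities the Pod Security Standards "baseline" profile allows to be added;
# anything else (e.g. NET_ADMIN, SYS_ADMIN as in the gist) is reported.
BASELINE_CAPS = {"AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
                 "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP", "SETUID", "SYS_CHROOT"}

def audit_pod(pod):
    """Return a list of finding strings for one Pod object (empty if nothing risky)."""
    spec, meta = pod.get("spec", {}), pod.get("metadata", {})
    name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    findings = []
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            findings.append(f"{name}: {field}=true (shares host namespace)")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for p in c.get("ports", []):
            if p.get("hostPort"):
                findings.append(f"{name}/{c['name']}: hostPort {p['hostPort']} binds the node IP")
        caps = (c.get("securityContext") or {}).get("capabilities") or {}
        # Normalise "CAP_NET_ADMIN"/"net_admin" spellings before comparing.
        added = {str(x).upper().removeprefix("CAP_") for x in caps.get("add", [])}
        extra = sorted(added - BASELINE_CAPS)
        if extra:
            findings.append(f"{name}/{c['name']}: adds capabilities {', '.join(extra)}")
    return findings

def audit_pod_list(pod_list):
    """Flatten findings over every item of a PodList."""
    return [f for pod in pod_list.get("items", []) for f in audit_pod(pod)]

# Constructed sample: the four pods defined in the gist above.
SAMPLE = {"kind": "PodList", "items": [
    {"metadata": {"name": "influxdbhostnetwork", "namespace": "influx"},
     "spec": {"hostNetwork": True, "containers": [{"name": "influxdb", "image": "influxdb"}]}},
    {"metadata": {"name": "influxdbhostport", "namespace": "influx"},
     "spec": {"containers": [{"name": "influxdb", "ports": [{"containerPort": 8086, "hostPort": 8086}]}]}},
    {"metadata": {"name": "influxdbnodeport", "namespace": "influx"},
     "spec": {"containers": [{"name": "influxdb", "ports": [{"containerPort": 8086}]}]}},
    {"metadata": {"name": "ubuntu", "namespace": "default"},
     "spec": {"hostPID": True, "hostIPC": True, "containers": [{"name": "ubuntu",
              "securityContext": {"capabilities": {"add": ["NET_ADMIN", "SYS_ADMIN"]}}}]}}]}

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print("\n".join(audit_pod_list(data)) or "no findings")
```

The NodePort pod produces no finding: a NodePort Service is handled by kube-proxy on the node and does not require the pod itself to touch host namespaces or ports.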