Networking Example - hostNetwork | hostPID | hostIPC | hostPort | NodePort | Capabilities examples

pods-example.sh

#### Prereqs
kubectl create ns influx
oc adm policy add-scc-to-user anyuid -z default -n influx

#### HostNetwork  
# pods in the host network of a node can communicate with all pods on all nodes without NAT
# Not using a separated network namespace. The pod will see the entire ip stack
# https://kubernetes.io/docs/concepts/cluster-administration/networking/#the-kubernetes-network-model

cat <<EOF > /tmp/influxdb-hostnetwork.yaml
apiVersion: v1
kind: Pod
metadata:
  name: influxdbhostnetwork
  namespace: influx
spec:
  hostNetwork: true
  securityContext:
    runAsUser: 0
  containers:
    - name: influxdb
      image: influxdb
EOF
kubectl apply -f /tmp/influxdb-hostnetwork.yaml
sleep 30
kubectl exec -ti -n influx influxdbhostnetwork -- ip ad

#### hostPort: 
# Note that the containers are not using port 8086 on the node, 
# nor are there any special NAT rules to route traffic to the pod. 
# This means you can run multiple nginx pods on the same node all using the same containerPort 
# and access them from any other pod or node in your cluster using IP.
# https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#exposing-pods-to-the-cluster

cat <<EOF > /tmp/influxdb-hostPort.yaml
apiVersion: v1
kind: Pod
metadata:
  name: influxdbhostport
  namespace: influx
spec:
  securityContext:
    runAsUser: 0
  containers:
    - name: influxdb
      image: influxdb
      ports:
        - containerPort: 8086
          hostPort: 8086
EOF
kubectl apply -f /tmp/influxdb-hostPort.yaml
sleep 30
kubectl exec -ti -n influx influxdbhostport -- ip ad

# The hostPort setting applies to the Kubernetes containers. 
# The container port will be exposed to the external network at :, 
# where the hostIP is the IP address of the Kubernetes node where the container 
# is running and the hostPort is the port requested by the user. 
# So, the hostPort feature allows to expose a single container port on the host IP.

#### NodePort: 

cat <<EOF > /tmp/influxdb-NodePort.yaml
apiVersion: v1
kind: Pod
metadata:
  name: influxdbnodeport
  labels:
    name: influxdb
spec:
  containers:
    - name: influxdb
      image: influxdb
      ports:
        - containerPort: 8086
EOF
kubectl apply -f /tmp/influxdb-NodePort.yaml

cat <<EOF > /tmp/influxdb-NodePort-svc.yaml
kind: Service
apiVersion: v1
metadata:
  name: influxdbnodeportsvc
spec:
  type: NodePort
  ports:
    - port: 8086
      nodePort: 30000
  selector:
    name: influxdb
EOF
kubectl apply -f /tmp/influxdb-NodePort-svc.yaml

# hostPID and hostIPC:

cat <<EOF > /tmp/influxdb-hostPIDandIPC.yaml
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu
  labels:
    app: ubuntu
spec:
  containers:
  - image: ubuntu
    command:
      - "sleep"
      - "3600" # adjust this as needed -- use only as long as you need
    imagePullPolicy: IfNotPresent
    name: ubuntu
    securityContext:
      capabilities:
        add: ["NET_ADMIN", "SYS_ADMIN"] # add the capabilities you need https://man7.org/linux/man-pages/man7/capabilities.7.html
      runAsUser: 0 # run as root (or any other user)
  restartPolicy: Never # we want to be intentional about running this pod
  hostIPC: true # Use the host's ipc namespace https://www.man7.org/linux/man-pages/man7/ipc_namespaces.7.html
  hostPID: true # Use the
EOF
kubectl apply -f /tmp/influxdb-hostPIDandIPC.yaml