Last active
July 8, 2016 02:21
ubuntu@romana-controller:~/demo$ ./demo.sh | |
$ # Get a list of nodes in the environment | |
$ kubectl get nodes | |
NAME STATUS AGE | |
romana-compute01 Ready 3h | |
romana-controller Ready 3h | |
# anybody here? let's see if we have a pod | |
$ get_pods | |
$ | |
# How about we start up a few pods with a replication controller | |
$ kubectl create -f example-controller.yaml | |
replicationcontroller "nginx-default" created | |
# anybody here now? | |
$ get_pods | |
{ | |
"Status": "Running", | |
"NodeID": "romana-compute01", | |
"podIP": "10.1.16.4", | |
"Name": "nginx-default-26b06" | |
} | |
{ | |
"Status": "Running", | |
"NodeID": "romana-controller", | |
"podIP": "10.0.16.5", | |
"Name": "nginx-default-d7nrl" | |
} | |
{ | |
"Status": "Running", | |
"NodeID": "romana-compute01", | |
"podIP": "10.1.16.5", | |
"Name": "nginx-default-tv71r" | |
} | |
# create the namespace for some additional pods | |
$ kubectl create -f namespace-tenant-a.yaml | |
namespace "tenant-a" created | |
# create a pod on 'frontend' segment in 'tenant-a' namespace | |
$ kubectl create -f pod-frontend.yaml | |
pod "nginx-frontend" created | |
# create a pod on 'backend' segment in 'tenant-a' namespace | |
$ kubectl create -f pod-backend.yaml; sleep 5 | |
pod "nginx-backend" created | |
# let’s find out where the pods are | |
$ get_pods; get_pods 'tenant-a' | |
{ | |
"Status": "Running", | |
"NodeID": "romana-compute01", | |
"podIP": "10.1.16.4", | |
"Name": "nginx-default-26b06" | |
} | |
{ | |
"Status": "Running", | |
"NodeID": "romana-controller", | |
"podIP": "10.0.16.5", | |
"Name": "nginx-default-d7nrl" | |
} | |
{ | |
"Status": "Running", | |
"NodeID": "romana-compute01", | |
"podIP": "10.1.16.5", | |
"Name": "nginx-default-tv71r" | |
} | |
{ | |
"Status": "Running", | |
"NodeID": "romana-compute01", | |
"podIP": "10.1.33.3", | |
"Name": "nginx-backend" | |
} | |
{ | |
"Status": "Running", | |
"NodeID": "romana-controller", | |
"podIP": "10.0.32.3", | |
"Name": "nginx-frontend" | |
} | |
# we should only see our 'internal' local interface | |
$ kubectl --namespace=tenant-a exec nginx-backend -- ip addr | |
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default | |
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 | |
inet 127.0.0.1/8 scope host lo | |
valid_lft forever preferred_lft forever | |
inet6 ::1/128 scope host | |
valid_lft forever preferred_lft forever | |
18: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 | |
link/ether 62:4b:f7:a9:29:74 brd ff:ff:ff:ff:ff:ff | |
inet 10.1.33.3/16 scope global eth0 | |
valid_lft forever preferred_lft forever | |
inet6 fe80::604b:f7ff:fea9:2974/64 scope link | |
valid_lft forever preferred_lft forever | |
# let's have our frontend load data from the backend (no isolation is enabled yet, so this should succeed) | |
$ kubectl --namespace=tenant-a exec nginx-frontend -- curl 10.1.33.3 --connect-timeout 5 | |
% Total % Received % Xferd Average Speed Time Time Time Current | |
Dload Upload Total Spent Left Speed | |
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Welcome to nginx!</title> | |
<style> | |
body { | |
width: 35em; | |
margin: 0 auto; | |
font-family: Tahoma, Verdana, Arial, sans-serif; | |
} | |
</style> | |
</head> | |
<body> | |
<h1>Welcome to nginx!</h1> | |
<p>If you see this page, the nginx web server is successfully installed and | |
working. Further configuration is required.</p> | |
<p>For online documentation and support please refer to | |
<a href="http://nginx.org/">nginx.org</a>.<br/> | |
Commercial support is available at | |
<a href="http://nginx.com/">nginx.com</a>.</p> | |
<p><em>Thank you for using nginx.</em></p> | |
</body> | |
</html> | |
100 612 100 612 0 0 1528 0 --:--:-- --:--:-- --:--:-- 1526 | |
# we can add isolation too. Let's see that. Quick cleanup first | |
$ kubectl --namespace=tenant-a delete pod nginx-backend; kubectl --namespace=tenant-a delete pod nginx-frontend; sleep 5 | |
pod "nginx-backend" deleted | |
pod "nginx-frontend" deleted | |
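# enable isolation for the 'tenant-a' namespace: with the DefaultDeny ingress annotation, inbound traffic to its pods is dropped unless a NetworkPolicy allows it | |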
$ kubectl annotate --overwrite namespaces 'tenant-a' 'net.beta.kubernetes.io/networkpolicy={"ingress": {"isolation": "DefaultDeny"}}' | |
namespace "tenant-a" annotated | |
# create the frontend and backend pods | |
$ kubectl create -f pod-frontend.yaml; kubectl create -f pod-backend.yaml; sleep 5 | |
pod "nginx-frontend" created | |
pod "nginx-backend" created | |
# let's try to have the frontend load data from the backend (the recreated backend pod now answers on 10.1.33.4; with isolation on, this should time out) | |
$ kubectl --namespace=tenant-a exec nginx-frontend -- curl 10.1.33.4 --connect-timeout 5 | |
% Total % Received % Xferd Average Speed Time Time Time Current | |
Dload Upload Total Spent Left Speed | |
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0curl: (28) Connection timed out after 5000 milliseconds | |
error: error executing remote command: error executing command in container: Error executing in Docker Container: 28 | |
# now let's add a policy that permits frontend to connect to the backend (the policy file itself is not shown in this transcript) | |
$ kubectl --namespace=tenant-a create -f romana-np-frontend-to-backend.yml; sleep 5 | |
networkpolicy "pol1" created | |
# this permits us to connect from frontend to backend: same command and IP as the attempt that timed out, so the only change is the policy | |
$ kubectl --namespace=tenant-a exec nginx-frontend -- curl 10.1.33.4 --connect-timeout 5 | |
% Total % Received % Xferd Average Speed Time Time Time Current | |
Dload Upload Total Spent Left Speed | |
100 612 100 612 0 0 1478 0 --:--:-- --:--:-- --:--:<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Welcome to nginx!</title> | |
<style> | |
body { | |
width: 35em; | |
margin: 0 auto; | |
font-family: Tahoma, Verdana, Arial, sans-serif; | |
} | |
</style> | |
</head> | |
<body> | |
<h1>Welcome to nginx!</h1> | |
<p>If you see this page, the nginx web server is successfully installed and | |
working. Further configuration is required.</p> | |
<p>For online documentation and support please refer to | |
<a href="http://nginx.org/">nginx.org</a>.<br/> | |
Commercial support is available at | |
<a href="http://nginx.com/">nginx.com</a>.</p> | |
<p><em>Thank you for using nginx.</em></p> | |
</body> | |
</html> | |
-- 1478 | |
# Demo completed (cleaning up) | |
$ kubectl --namespace=tenant-a delete networkpolicy pol1; kubectl --namespace=tenant-a delete pod nginx-backend; kubectl --namespace=tenant-a delete pod nginx-frontend; kubectl delete namespace tenant-a; kubectl delete replicationcontroller nginx-default; delete_tenant 'tenant-a' | |
networkpolicy "pol1" deleted | |
pod "nginx-backend" deleted | |
pod "nginx-frontend" deleted | |
namespace "tenant-a" deleted | |
replicationcontroller "nginx-default" deleted | |
$ | |
ubuntu@romana-controller:~/demo$ |