Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

replace deprecated commands with new commands #16610

Merged
merged 1 commit into from
Oct 9, 2019
Merged

replace deprecated commands with new commands #16610

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 12 additions & 6 deletions content/en/docs/tasks/administer-cluster/declare-network-policy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ The above list is sorted alphabetically by product name, not by recommendation o
To see how Kubernetes network policy works, start off by creating an `nginx` deployment.

```console
kubectl run nginx --image=nginx --replicas=2
kubectl create deployment nginx --image=nginx
```
```none
deployment.apps/nginx created
Expand Down Expand Up @@ -62,7 +62,6 @@ service/nginx 10.100.0.16 <none> 80/TCP 33s

NAME READY STATUS RESTARTS AGE
pod/nginx-701339712-e0qfq 1/1 Running 0 35s
pod/nginx-701339712-o00ef 1/1 Running 0 35s
```

## Test the service by accessing it from another pod
Expand All @@ -72,7 +71,7 @@ You should be able to access the new `nginx` service from other pods. To test, a
Start a busybox container, and use `wget` on the `nginx` service:

```console
kubectl run busybox --rm -ti --image=busybox /bin/sh
kubectl run --generator=run-pod/v1 busybox --rm -ti --image=busybox -- /bin/sh
```

```console
Expand All @@ -97,14 +96,21 @@ metadata:
spec:
podSelector:
matchLabels:
run: nginx
app: nginx
ingress:
- from:
- podSelector:
matchLabels:
access: "true"
```

{{< note >}}

In the case, the label `app=nginx` is automatically added.
diguage marked this conversation as resolved.
Show resolved Hide resolved

{{< /note >}}


## Assign the policy to the service

Use kubectl to create a NetworkPolicy from the above nginx-policy.yaml file:
Expand All @@ -121,7 +127,7 @@ networkpolicy.networking.k8s.io/access-nginx created
If we attempt to access the nginx Service from a pod without the correct labels, the request will now time out:

```console
kubectl run busybox --rm -ti --image=busybox /bin/sh
kubectl run --generator=run-pod/v1 busybox --rm -ti --image=busybox -- /bin/sh
```

```console
Expand All @@ -140,7 +146,7 @@ wget: download timed out
Create a pod with the correct labels, and you'll see that the request is allowed:

```console
kubectl run busybox --rm -ti --labels="access=true" --image=busybox /bin/sh
kubectl run --generator=run-pod/v1 busybox --rm -ti --labels="access=true" --image=busybox -- /bin/sh
```

```console
Expand Down