Skip to content

Commit

Permalink
replace depercated commands with new commands
Browse files Browse the repository at this point in the history
  • Loading branch information
diguage committed Sep 29, 2019
1 parent db64ecd commit c212767
Showing 1 changed file with 12 additions and 6 deletions.
18 changes: 12 additions & 6 deletions content/en/docs/tasks/administer-cluster/declare-network-policy.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ The above list is sorted alphabetically by product name, not by recommendation o
To see how Kubernetes network policy works, start off by creating an `nginx` deployment.

```console
kubectl run nginx --image=nginx --replicas=2
kubectl create deployment nginx --image=nginx
```
```none
deployment.apps/nginx created
Expand Down Expand Up @@ -62,7 +62,6 @@ service/nginx 10.100.0.16 <none> 80/TCP 33s
NAME READY STATUS RESTARTS AGE
pod/nginx-701339712-e0qfq 1/1 Running 0 35s
pod/nginx-701339712-o00ef 1/1 Running 0 35s
```

## Test the service by accessing it from another pod
Expand All @@ -72,7 +71,7 @@ You should be able to access the new `nginx` service from other pods. To test, a
Start a busybox container, and use `wget` on the `nginx` service:

```console
kubectl run busybox --rm -ti --image=busybox /bin/sh
kubectl run --generator=run-pod/v1 busybox --rm -ti --image=busybox -- /bin/sh
```

```console
Expand All @@ -97,14 +96,21 @@ metadata:
spec:
podSelector:
matchLabels:
run: nginx
app: nginx
ingress:
- from:
- podSelector:
matchLabels:
access: "true"
```
{{< note >}}
In the case, the label `app=nginx` is automatically added.

{{< /note >}}


## Assign the policy to the service

Use kubectl to create a NetworkPolicy from the above nginx-policy.yaml file:
Expand All @@ -121,7 +127,7 @@ networkpolicy.networking.k8s.io/access-nginx created
If we attempt to access the nginx Service from a pod without the correct labels, the request will now time out:

```console
kubectl run busybox --rm -ti --image=busybox /bin/sh
kubectl run --generator=run-pod/v1 busybox --rm -ti --image=busybox -- /bin/sh
```

```console
Expand All @@ -140,7 +146,7 @@ wget: download timed out
Create a pod with the correct labels, and you'll see that the request is allowed:

```console
kubectl run busybox --rm -ti --labels="access=true" --image=busybox /bin/sh
kubectl run --generator=run-pod/v1 busybox --rm -ti --labels="access=true" --image=busybox -- /bin/sh
```

```console
Expand Down

0 comments on commit c212767

Please sign in to comment.