kubernetes: v1.25.3
Minicube: v1.28.0
- Install kubernetes and start minikube with Calico CNI Manifest
minikube start --network-plugin=cni
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/calico.yaml
kubectl create secret docker-registry <your-secret-name> --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email> --output=yaml > <your-yaml-filename>
-
Change the image path in
docker-cats.yaml
to your registry -
Create a namespace call
docker-cats
kubectl create namespace docker-cats
- Change current namespace
kubens docker-cats
- Enable addons
minikube addons enable ingress # ingress
minikube addons enable metrics-server # hpa
- Apply all the
.yaml
kubectl apply -f docker-cats.yaml
kubectl apply -f docker-cats-configmap.yaml
kubectl apply -f docker-cats-ingress.yaml
kubectl apply -f docker-cats-network.yaml
- Direct the ingress domain name to localhost in order to test ingress.
# You can also modify your `/etc/hosts` by `sudo vim`
sudo -- sh -c 'echo "127.0.0.1 baby.com" >> /etc/hosts'
sudo -- sh -c 'echo "127.0.0.1 green.com" >> /etc/hosts'
sudo -- sh -c 'echo "127.0.0.1 dark.com" >> /etc/hosts'
- Run
minikube tunnel
to enable http and https port
# The service/ingress docker-cats-ingress requires privileged ports to be exposed: [80 443]
minikube tunnel
- Open your browser and paste the following URL
http://baby.com/
http://green.com/
http://dark.com/
- Test for liveness probe
kubectl exec -it <pod name> -- sh
# Ref: https://stackoverflow.com/questions/11583562/how-to-kill-a-process-running-on-particular-port-in-linux
lsof -i:8080
kill <busybox PID>
- Test for HPA
while true; do curl http://baby.com; done
- Test network policy
- Try to modify
docker-cats-network.yaml
and apply it to see the difference. - If you are able to visit the URL in
step 8
which means your ingress is open to your host. - If you are not able to use
wget
to download external file via the internet which means your egress is not open to the external address.
# enter your pod and test egress
kubectl exec -it <pod name> -- sh
wget http://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz