Kubernetes Course Labs

Lab Solution

Start by deleting the original app:

kubectl delete -f labs/networkpolicy/specs/apod

kubectl delete -f labs/networkpolicy/specs/apod/network-policies

You should still have the default deny policy:

kubectl get netpol

My solution (in labs/networkpolicy/solution/apod) adds a namespace to all the Pod selectors:

Deploy the app:

kubectl apply -f labs/networkpolicy/solution/apod

Test the web app can access the API, and the API can access the external API:

kubectl exec -n apod deploy/apod-web -- wget -O- -T2 http://apod-api/image

Refresh http://localhost:30016, the app should be working correctly

Try to access the API from the sleep Pod:

kubectl exec sleep -- wget -O- http://apod-api.apod.svc.cluster.local/image

You'll get a bad address error, because the Pod can't access DNS

Try with the IP address instead:

kubectl get po -n apod -l app=apod-api -o wide

# this will fail with a timeout
kubectl exec sleep -- wget -O- -T2 http://<pod-ip-address>/image

Now you'll get a timeout error, because Calico is blocking the connection

Back to the exercises