DEV Community

Cheedge Lee

CKA Quick Check Points -- Network

A quick recap of Kubernetes networking. For details, follow the title links or check the official doc.

SVC

1. create

    # target port: listening port inside the container
    # port: service internal port
    # NodePort: exposed external port
    kubectl expose deployment nginx --name nginx-svc --port 8081 --target-port 80 --type [NodePort|ClusterIP] # --dry-run=client -oyaml

2. curl

    # on node
    curl localhost:NodePort   # NodePort
    curl NODE_IP:NodePort     # NodePort
    curl SVC_IP:SVC_Port      # ClusterIP
    # in other pod (ClusterIP)
    curl SVC_NAME:SVC_Port
    curl SVC_IP:SVC_Port

3. check

  • endpoints
    • tells Kubernetes where to forward the traffic from the service.
  • port-forward
    • creates a network tunnel between your local machine and the Kubernetes cluster.

    # endpoints IP -> Pod IP
    k get endpoints
    # port-forward
    kubectl port-forward TYPE/NAME LOCAL_PORT:REMOTE_PORT

Ingress

1. Yaml File

Notice: ingressClassName: if no IngressClass exists, create one first. Without an IngressClass, the Ingress resource will not be handled by any controller and your routes won't work. Please check the official doc.

    spec:
      ingressClassName: nginx # used for ingress controller
      rules:
      - host: "foo.bar.com" # domain name
        http:
          paths:
          - pathType: Prefix
            path: "/bar" # http://domain/path
            backend:
              service:
                name: service1 # svc
                port:
                  number: 80 # svc port

2. Check

Pod IP -> endpoint IP -> ingress IP

    # the domain name should be added to the /etc/hosts file with the ingress IP
    curl DOMAINNAME:SVC_PORT

NetworkPolicy

1. Fields

  • act on pods:
    • namespace
    • podSelector
  • type: ingress.from & egress.to
  • traffic flow source/destination pods
    • namespaceSelector
    • podSelector
    • ports

and the yaml file here.
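
A NetworkPolicy that uses each of the fields listed above, as an added example (not the author's YAML file). The policy name, namespaces, labels and ports are assumptions chosen for illustration:

```yaml
# Added example; names, labels and ports are assumptions, not from the post.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-frontend       # hypothetical name
  namespace: backend             # act on pods: namespace
spec:
  podSelector:                   # act on pods: podSelector
    matchLabels:
      app: api
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    # One list item holding both selectors = AND:
    # only pods labelled app=web inside namespaces labelled team=frontend.
    - namespaceSelector:
        matchLabels:
          team: frontend
      podSelector:
        matchLabels:
          app: web
    # Two separate items ("- namespaceSelector" and "- podSelector") would be
    # OR, which also admits every pod in the team=frontend namespaces.
    ports:
    - protocol: TCP
      port: 80
  egress:
  - to:                          # database pods in the same namespace
    - podSelector:
        matchLabels:
          app: db
    ports:
    - protocol: TCP
      port: 5432
  - to:                          # DNS, so service names still resolve
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
```

Once a pod is selected by a policy with the Egress type, any egress not listed is dropped, which is why the DNS rule is included. The policy only takes effect when the cluster's network plugin enforces NetworkPolicy.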

Notice:

For cross-node DNS, use the full name of the service in Fully Qualified Domain Name (FQDN) format:
<service-name>.<namespace-name>.svc.cluster.local

For more details, check the official doc.
