CKAD Study – Day 14


Activity 13: Create a redis deployment using the image redis:alpine with 1 replica and label app=redis. Expose it via a clusterIP service called redis on port 6379. Create a new Ingress Type Networking Policy Called redis-access which allows only the pods with label access=redis to access the deployment.
Image: redis:alpine
Deployment created correctly?
Service Created Correctly?
Network Policy allows the correct pods?
Network policy applied on the correct pods?


This is more or less the most complex activity I have done so far. What is new to me is 'Create new ingress type networking policy'.

First, everything configured declaratively:


# Create a Redis deployment from redis:alpine with 1 replica, exposed via ClusterIP on port 6379.
# Create a new ingress-type NetworkPolicy called redis-access which allows only the pods with label access=redis.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          image: redis:alpine
          ports:
            - containerPort: 6379
---
apiVersion: v1
kind: Service
metadata:
  # The task asks for a service called "redis"; the check command below also resolves "redis".
  name: redis
  namespace: default
spec:
  selector:
    app: redis
  ports:
    - protocol: TCP
      port: 6379
      targetPort: 6379
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis-access
  namespace: default
spec:
  # Pods the policy applies to (the Redis deployment's pods).
  podSelector:
    matchLabels:
      app: redis
  policyTypes:
    - Ingress
  ingress:
    # Only pods labelled access=redis may connect, and only on TCP 6379.
    - from:
        - podSelector:
            matchLabels:
              access: redis
      ports:
        - protocol: TCP
          port: 6379
---
# Test pod carrying the label that the policy allows.
apiVersion: v1
kind: Pod
metadata:
  name: redis-client
  namespace: default
  labels:
    access: redis
spec:
  containers:
    - name: redis-client
      image: redis:alpine
      command: ["sleep", "3600"]


Everything is here, including checking it with this command.

But my Podman setup does not work with ClusterIP, and I already have enough mental fatigue without trying to switch it to NodePort.

kubectl exec -it redis-client -- redis-cli -h redis ping
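
The check above only exercises the allowed path; the policy also has to deny pods that lack the access=redis label. The following Python sketch is an added example, not part of the original post: it models offline how the redis-access policy is evaluated, using constructed pod labels (`OTHER` is a hypothetical pod) and a simplified matcher.

```python
# Added example: offline model of NetworkPolicy ingress evaluation.
# Simplifications (assumptions): matchLabels only, one namespace, no ipBlock.

REDIS_ACCESS = {  # mirrors the redis-access manifest on this page
    "podSelector": {"app": "redis"},
    "ingress": [{"from": [{"access": "redis"}], "ports": [("TCP", 6379)]}],
}

def selects(selector, labels):
    """matchLabels: every key/value must match; an empty selector matches all."""
    return all(labels.get(k) == v for k, v in selector.items())

def ingress_allowed(policies, src, dst, proto, port):
    """True if a connection from pod `src` to pod `dst` is admitted."""
    applying = [p for p in policies if selects(p["podSelector"], dst)]
    if not applying:
        return True  # no policy selects dst, so it is not isolated
    # dst is isolated: only traffic matching some rule of some policy passes.
    for policy in applying:
        for rule in policy.get("ingress", []):
            peers, ports = rule.get("from"), rule.get("ports")
            peer_ok = peers is None or any(selects(p, src) for p in peers)
            port_ok = ports is None or (proto, port) in ports
            if peer_ok and port_ok:
                return True
    return False

# Constructed pods, described by their labels only.
REDIS = {"app": "redis"}        # pod created by the Deployment
CLIENT = {"access": "redis"}    # the redis-client test pod
OTHER = {"app": "web"}          # hypothetical pod without the access label

def report():
    cases = {
        "redis-client -> redis:6379": (CLIENT, REDIS, "TCP", 6379),
        "other -> redis:6379": (OTHER, REDIS, "TCP", 6379),
        "redis-client -> redis:22": (CLIENT, REDIS, "TCP", 22),
        "other -> redis-client:8080": (OTHER, CLIENT, "TCP", 8080),
    }
    return {k: ingress_allowed([REDIS_ACCESS], *v) for k, v in cases.items()}

if __name__ == "__main__":
    for case, ok in report().items():
        print(f"{case}: {'allowed' if ok else 'denied'}")
```

On a real cluster these rules are only enforced when the network plugin implements NetworkPolicy; without one, the object is accepted but every pod can still reach Redis.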

---

Conclusions

NetworkPolicy is a more modern object that comes in a different namespace, networking.k8s.io/v1, which I probably will not manage to memorize.

Everything can be configured piece by piece, and each object has its own configuration. Later I will try the other section with NodePort, or install another pod driver.

The rest feels fairly calm and natural: Deployment, Service, test Pod.