kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

replace depercated commands with new commands (#16610)

pull/16666/head^2
diguage 2019-10-10 04:25:49 +08:00 committed by Kubernetes Prow Robot
parent e177e4e782
commit 2086e135f6
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
content/en/docs/tasks/administer-cluster/declare-network-policy.md
View File

@ -33,7 +33,7 @@ The above list is sorted alphabetically by product name, not by recommendation o
To see how Kubernetes network policy works, start off by creating an `nginx` deployment.
```console
kubectl run nginx --image=nginx --replicas=2
kubectl create deployment nginx --image=nginx
```
```none
deployment.apps/nginx created
@ -62,7 +62,6 @@ service/nginx 10.100.0.16 <none> 80/TCP 33s
NAME READY STATUS RESTARTS AGE
pod/nginx-701339712-e0qfq 1/1 Running 0 35s
pod/nginx-701339712-o00ef 1/1 Running 0 35s
```
## Test the service by accessing it from another pod
@ -72,7 +71,7 @@ You should be able to access the new `nginx` service from other pods. To test, a
Start a busybox container, and use `wget` on the `nginx` service:
```console
kubectl run busybox --rm -ti --image=busybox /bin/sh
kubectl run --generator=run-pod/v1 busybox --rm -ti --image=busybox -- /bin/sh
```
```console
@ -97,7 +96,7 @@ metadata:
spec:
podSelector:
matchLabels:
run: nginx
app: nginx
ingress:
- from:
- podSelector:
@ -105,6 +104,13 @@ spec:
access: "true"
```
{{< note >}}
In the case, the label `app=nginx` is automatically added.
{{< /note >}}
## Assign the policy to the service
Use kubectl to create a NetworkPolicy from the above nginx-policy.yaml file:
@ -121,7 +127,7 @@ networkpolicy.networking.k8s.io/access-nginx created
If we attempt to access the nginx Service from a pod without the correct labels, the request will now time out:
```console
kubectl run busybox --rm -ti --image=busybox /bin/sh
kubectl run --generator=run-pod/v1 busybox --rm -ti --image=busybox -- /bin/sh
```
```console
@ -140,7 +146,7 @@ wget: download timed out
Create a pod with the correct labels, and you'll see that the request is allowed:
```console
kubectl run busybox --rm -ti --labels="access=true" --image=busybox /bin/sh
kubectl run --generator=run-pod/v1 busybox --rm -ti --labels="access=true" --image=busybox -- /bin/sh
```
```console