|NO.Z.00420|——————————|CloudNative|——|KuberNetes&NetworkPolicy.V12|——|Ingress.v03|服务发布限制.v03|

一、验证不允许的pod(跨namespace)是否通信

### --- 验证不允许的pod(跨namespace)是否通信
~~~     是不可以通信的

[root@k8s-master01 ~]# kubectl get po -owide
NAME                          READY   STATUS    RESTARTS   AGE   IP               NODE           NOMINATED NODE   READINESS GATES
debug-tools                   1/1     Running   1          49m   172.25.244.242   k8s-master01   <none>           <none>
[root@k8s-master01 ~]# kubectl  exec debug-tools -- curl --connect-timeout 2 -Is nginx.nw-demo
command terminated with exit code 28

二、验证在同namespace下是否通信

### --- 验证在同namespace下是否通信

~~~     同namespace下是可以通信的，
~~~     因为网络策略配置是允许的
~~~     前端可能会调用它的服务

[root@k8s-master01 ~]# kubectl get po -n nw-demo -owide
NAME                     READY   STATUS    RESTARTS   AGE     IP               NODE           NOMINATED NODE   READINESS GATES
debug-tools              1/1     Running   0          71m     172.25.244.241   k8s-master01   <none>           <none>
[root@k8s-master01 ~]# kubectl  exec debug-tools -n nw-demo -- curl --connect-timeout 2 -Is nginx.nw-demo
HTTP/1.1 200 OK

三、验证Ingress controller是否通信

### --- 验证Ingress controller是否通信
~~~     有这个标签的pod可以通信的

[root@k8s-master01 ~]# kubectl get po -n ingress-nginx -owide
NAME                             READY   STATUS    RESTARTS   AGE     IP             NODE           NOMINATED NODE   READINESS GATES
ingress-nginx-controller-t6xkh   1/1     Running   0          2m7s    192.168.1.12   k8s-master02   <none>           <none>
[root@k8s-master01 ~]# kubectl exec -ti ingress-nginx-controller-t6xkh -n ingress-nginx -- bash
bash-5.0$ curl http://nginx.nw-demo
<h1>Welcome to nginx!</h1>

四、验证域名是否可以通信

### --- 创建符合标签的域名ingress.pod

[root@k8s-master01 ~]# kubectl  create ingress nginx  --rule="testnp.com/*=nginx:80" -n nw-demo
ingress.networking.k8s.io/nginx created

### --- 查看创建的服务

[root@k8s-master01 ~]# kubectl get ingress -n nw-demo 
NAME    CLASS    HOSTS        ADDRESS          PORTS   AGE
nginx   <none>   testnp.com   10.110.212.142   80      96s

### --- 验证请求这个ingress是否通信
~~~     # 验证是否可以通信
~~~     验证是可以通信的

[root@k8s-master01 ~]# kubectl get po -n ingress-nginx -owide
NAME                             READY   STATUS              RESTARTS   AGE     IP             NODE           NOMINATED NODE   READINESS GATES
ingress-nginx-controller-t6xkh   1/1     Running             0          11m     192.168.1.12   k8s-master02   <none>           <none>
[root@k8s-master01 ~]# curl -H "Host:testnp.com" 192.168.1.12
<h1>Welcome to nginx!</h1> 

五、验证其它的服务是否可以通过ingresscontroller访问

### --- 验证在同namespace下redis是否可以被ingress-controller访问

[root@k8s-master01 ~]# kubectl get po -n nw-demo -owide
NAME                     READY   STATUS    RESTARTS   AGE    IP               NODE           NOMINATED NODE   READINESS GATES
mysql-69d6f69557-ht5cp   1/1     Running   0          112m   172.25.92.115    k8s-master02   <none>           <none>
redis-c9fdb57d5-4wd78    1/1     Running   0          4h1m   172.17.125.14    k8s-node01     <none>           <none>

### --- 验证redis服务是否可以通信
~~~     是不可以通信的，
~~~     在配置中已经隔离掉了

[root@k8s-master01 ~]# kubectl exec -ti  ingress-nginx-controller-t6xkh -n ingress-nginx -- bash
bash-5.0$ curl 172.25.92.115:3306

---

 

 

 

 

 

 

 

 

 

---

Walter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart

                                                                                                                                                   ——W.S.Landor

---