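#!/bin/sh
# Pod Ping Pong: create two hardened busybox pods in one namespace, each
# serving a one-line HTTP reply on 8080 and polling the other pod's
# ClusterIP service every 5s, to verify pod-to-service reachability
# (e.g. when validating a NetworkPolicy). Watch the pod logs for
# SUCCESS/FAILED lines.
#
# Usage: pod-ping-pong.sh NAMESPACE
# Requires: kubectl pointed at the target cluster; in-cluster DNS so that
#           "<pod>-svc:8080" resolves from the peer pod.
# Re-running replaces any existing pod1/pod2 and pod1-svc/pod2-svc.

# POSIX strict mode: abort on the first failing command or unset variable
# (pipefail is not portable to every /bin/sh, so the kubectl pipelines
# below rely on the final `apply` failing on empty input).
set -eu

#######################################
# Create (or update) a ClusterIP service that selects a pod by label.
# Globals:   NS (read) - target namespace
# Arguments: $1 - pod name; service is "<pod>-svc", selector run=<pod>
# Outputs:   kubectl apply output on stdout
# Returns:   non-zero if kubectl fails (script aborts under set -e)
#######################################
create_svc() {
  # `kubectl create service` defaults the selector to app=<svc-name>, so it
  # is rewritten with `set selector --local` before being applied.
  kubectl -n "$NS" create service clusterip "$1-svc" \
      --tcp=8080:8080 --dry-run=client -o yaml \
    | kubectl set selector --local -f - "run=$1" -o yaml \
    | kubectl -n "$NS" apply -f -
}

#######################################
# Create a hardened busybox pod that serves HTTP on 8080 and polls its peer.
# Globals:   NS (read) - target namespace
# Arguments: $1 - this pod's name (also its run= label)
#            $2 - peer pod name; "<peer>-svc:8080" is fetched every 5s
# Outputs:   kubectl create output on stdout
# Returns:   non-zero if kubectl fails (script aborts under set -e)
#######################################
create_pod() {
  # The heredoc is unquoted on purpose: $1/$2 are expanded here, while the
  # "\n" escapes inside the command string are left for YAML to decode.
  # Container loop: reap the previous listener, start a new one-shot nc
  # listener, then fetch the peer service with a 3s timeout.
  # The pkill pattern is anchored with ^ so that it only matches the nc
  # process and not this container's own `sh -c "..."` argv, which contains
  # the same text (busybox pkill -f matches a regex against the full
  # command line) — NOTE(review): confirm the old listener is reaped on
  # your busybox build.
  cat <<EOF | kubectl -n "$NS" create -f -
apiVersion: v1
kind: Pod
metadata:
  name: $1
  labels:
    run: $1
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: busybox
    # TODO: pin to a tag or digest for reproducible, auditable test runs.
    image: busybox
    command:
    - /bin/sh
    - -c
    - "while true; do pkill -f '^nc -l -p 8080' || true; (echo -e 'HTTP/1.1 200 OK\n\nHello from $1' | nc -l -p 8080 &); echo 'Testing $2-svc...'; if wget -q -T 3 -O- $2-svc:8080; then echo 'SUCCESS: $1 can reach $2-svc'; else echo 'FAILED: $1 cannot reach $2-svc'; fi; sleep 5; done"
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      privileged: false
      # nc/wget/sh here only write to stdout, so the root fs can be read-only.
      readOnlyRootFilesystem: true
    ports:
    - containerPort: 8080
      protocol: TCP
EOF
}

#######################################
# Entry point: validate the namespace argument, tear down a previous run,
# then create both services and both pods.
# Globals:   NS (written)
# Arguments: $1 - namespace (required; an empty/missing value previously
#            made `kubectl -n` swallow the next word as the namespace)
#######################################
main() {
  NS=${1:?usage: $0 NAMESPACE}

  # Best-effort teardown of a previous run; --ignore-not-found keeps this
  # idempotent under set -e. kubectl delete waits for the pods to be gone
  # by default, so the create below does not race the termination.
  kubectl -n "$NS" delete pod pod1 pod2 --ignore-not-found
  kubectl -n "$NS" delete service pod1-svc pod2-svc --ignore-not-found

  # Services first so the DNS names exist before either pod starts polling.
  create_svc pod1
  create_svc pod2

  create_pod pod1 pod2
  create_pod pod2 pod1
}

main "$@"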