kubernetes how to use network policy

In the kubernates environment to control Layer 3 or 4 traffic we can use network policy.

In this post I describe network policies with a simple examples

My lab setup

I have three nodes kubernetes cluster

There are a few pods running over there and pods have assigned label environments.I have three categories of pods are there.(dev, pods and web)

Im testing a few scenarios here

Scenario 01

Restrict both Ingress and egress traffic to\from web pods

This is the yaml file I used

—————————————

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

  name: block-all-to-web

spec:

  podSelector:

    matchLabels:

environment: web

  policyTypes:

    – Ingress

    – Egress

---

How to create a network policy

Save the yml file and apply it

How to view network policy

how we can test this policy?

I have logged in to ubuntudev2 and trying to curl or ping to web pods. But we can connect to other pods

To test the egress traffic from web pods, I logged in to one of the web pods and tried to run apt update. But I’m getting a connection error.Which means our policy is working.

Scenario 02

In this scenario I have restricted only incoming traffic

To test this, i’m deleting the existing the policies now.

This is the yaml file I used.

——————————-

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

  name: block-all-to-web

spec:

  podSelector:

    matchLabels:

      environment:  web

  policyTypes:

    – Ingress

After applying this policy , I was able to connect outside from web pods

---

---

Continue reading “kubernetes how to use network policy”

Advertisement

Deploy a vm using ansible playbook

In this article i’m going to shar the steps of deploy a vm using ansible playboook

I’m using two yaml files for this excersice.

in the vars.yml file I”m proving the vcenter environment details as a variables.

I have defined vcener fqdn,datacenter name, credential and vm template name.

Also I have disabled ssl verification sing vcenter_validate_certs: false parameter. The reason is we are using self sign ssl in our vcenter and its not trusted in the linux vm which i’m using to run this playbook.

in the second yml file(vm_deploy.yml).In this playbook i’m grabbing inputs from vars.yml. Other than that Ive added vmname , folder name , power state and wait for ip option here.

Now we can run this play book.

I have added these yml files to below github.

https://github.com/darshanajayathilake/ansiblevmdeploy

Powercli ssl error

When I’m trying to connect to the VC from powercli I get this error.

I tried but there is no ignore SSL option in the parameters.

I searched and I found below workaround for this

We need to set powercliconfig for this

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

VMWare KB-

https://developer.vmware.com/docs/powercli/latest/vmware.vimautomation.core/commands/set-powercliconfiguration/#Default

How to use vsantop

Vsanto

Vsantop is one of most useful tool to identify the performance related issues or collect the stats

Requirement-We should run vSAN 6.7 Update 3 or later version

Vsantop is like same as esxtop that we are using to identify host or vm related issues

How to use it

We need to enable SSH session to one of the node and type vsantop

By default  it will show stats relate to the domclient, but we can customize it

Example –

I need to collect latencywrite

1.press F

2.Enter the no 8 , same way we can remove the fields

3 Press Enter

Screen clipping taken: 7/10/2022 2:34 AM

Also we can change the entity by Pressing E. steps are almost same

By pressing h we can get the help by pressing h

To analyse the data the easiest way it to collect the information to csv file, you can refer to below example

How to use Quickstart wizard to configure vSAN cluster

vSAN how to add diskgroup using powercli

Add host to existing vSAN cluster

Manage VMware Infrastructure using Ruby commands

Manage vSAN using Powercli

Powercli is a command line tool which based on Windows PowerShell. We can use it for automate our tasks. This article will show some of the valuable comnmads we can use to manage our vSAN infrastructure.

1. First will check what are the  available command in powercli relate to the vSAN

Syntax

Get-command *vsan*

2. We can check the health of vSAN cluster

Syntax

Get-Cluster|testVsanClusterHeath|fl

3. We can get the vSAN cluster configuration using below command

Get-VsanClusterConfiguraiton|fl

4. Using Get-VsanDiskGropu command we can get disk group details

Continue reading “Manage vSAN using Powercli”

How to configure SMB share on vSAN

1. First we need to enable file services on vSAN cluster

a. Login to the vCenter

b. Select the cluster

c. Click on Configure

d. Click on Services

e. Click on Enable  on File services

2. Click on Next

3. We need to provide below details

Continue reading “How to configure SMB share on vSAN”