Add in-line YAMLs to EKS mini-tutorial, prevent conflicts with base netpol tutorial #131

Merged
merged 1 commit into from
Aug 31, 2023
35 changes: 32 additions & 3 deletions docs/quick-tutorials/aws-eks-cni-mini.mdx
Expand Up @@ -130,7 +130,32 @@ Once you have that installed and running your Otterize access graph should look
Now that you have Otterize installed, the next step is to create an intent which will enable access to the server from the client. If you enable protection on the server without declaring an intent, the client will be blocked.

```shell
otterize network-mapper export --server server.otterize-tutorial-npol | kubectl apply -f -
otterize network-mapper export --server server.otterize-tutorial-eks | kubectl apply -f -
```

Running this command will generate the following `ClientIntents` for each client connected to `server` and apply it to your cluster. You could also place it in a Helm chart or apply it some other way, instead of piping it directly to kubectl.
```yaml
apiVersion: k8s.otterize.com/v1alpha2
kind: ClientIntents
metadata:
name: client
namespace: otterize-tutorial-eks
spec:
service:
name: client
calls:
- name: server
---
apiVersion: k8s.otterize.com/v1alpha2
kind: ClientIntents
metadata:
name: client-other
namespace: otterize-tutorial-eks
spec:
service:
name: client-other
calls:
- name: server
```

At which point you should see that the `server` service is ready to be protected:
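Review bot: The new paragraph after the export command says the exported `ClientIntents` cover every client connected to `server`, and the command pipes them straight into `kubectl apply`, so the reader ends up allowing whatever the network mapper observed without reading it first. Since these intents become the allow list once the server is protected, suggest showing the export on its own (or telling readers to review the output) before the apply step. Two smaller fixes in the same paragraph: "apply it to your cluster" should be "apply them to your cluster", and the opening yaml fence should have a blank line before it, like the shell fence above.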
Expand All @@ -139,7 +164,11 @@ At which point you should see that the `server` service is ready to be protected

And you can then protect the `server` service by applying the following `yaml` file:

Protect the server with the following command:
```yaml
{@include: ../../static/code-examples/aws-eks-mini/protect-server.yaml}
```

Protect the server by applying the resource:

```bash
kubectl apply -f https://docs.otterize.com/code-examples/aws-eks-mini/protect-server.yaml
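Review bot: In the protect step, the unchanged sentence "And you can then protect the `server` service by applying the following `yaml` file:" and the new "Protect the server by applying the resource:" now say the same thing on either side of the included YAML. Suggest making the first one introduce the resource (what a `ProtectedService` does for `server`) and the second one just "Apply it with:". Note also that the page renders the repository copy through `{@include: ../../static/code-examples/aws-eks-mini/protect-server.yaml}` but applies the published URL, so the two only match once the docs site is redeployed.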
Expand All @@ -162,7 +191,7 @@ Have a look at the [Guide](https://docs.otterize.com/guides/protect-1-service-ne
To remove the deployed examples run:
```bash
kubectl delete -f protect-server.yaml
otterize network-mapper export --server server.otterize-tutorial-npol | kubectl delete -f -
otterize network-mapper export --server server.otterize-tutorial-eks | kubectl delete -f -
kubectl delete -f https://docs.otterize.com/code-examples/automate-network-policies/all.yaml
helm uninstall otterize -n otterize-system
eksctl delete cluster -f cluster-config.yaml
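Review bot: The cleanup block still deletes `https://docs.otterize.com/code-examples/automate-network-policies/all.yaml`, while this PR adds `static/code-examples/aws-eks-mini/all.yaml` with its resources in the `otterize-tutorial-eks` namespace. If the deploy step uses the new file, this line leaves the namespace, deployments and service of this tutorial behind and targets the base tutorial's resources instead; suggest pointing it at the `aws-eks-mini/all.yaml` URL. In the same block, `kubectl delete -f protect-server.yaml` expects a local file, but the protect step applies from `https://docs.otterize.com/code-examples/aws-eks-mini/protect-server.yaml`; use the same URL in both places.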
77 changes: 77 additions & 0 deletions static/code-examples/aws-eks-mini/all.yaml
@@ -0,0 +1,77 @@
apiVersion: v1
kind: Namespace
metadata:
name: otterize-tutorial-eks
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: client
namespace: otterize-tutorial-eks
spec:
selector:
matchLabels:
app: client
template:
metadata:
labels:
app: client
spec:
containers:
- name: client
image: alpine/curl
command: [ "/bin/sh", "-c", "--" ]
args: [ "while true; do echo \"Calling server...\"; if ! timeout 2 curl -si server 2>/dev/null; then echo \"curl timed out\"; fi; sleep 2; done" ]
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: client-other
namespace: otterize-tutorial-eks
spec:
selector:
matchLabels:
app: client-other
template:
metadata:
labels:
app: client-other
spec:
containers:
- name: client-other
image: alpine/curl
command: [ "/bin/sh", "-c", "--" ]
args: [ "while true; do echo \"Calling server...\"; if ! timeout 2 curl -si server 2>/dev/null; then echo \"curl timed out\"; fi; sleep 2; done" ]
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: server
namespace: otterize-tutorial-eks
spec:
selector:
matchLabels:
app: server
template:
metadata:
labels:
app: server
spec:
containers:
- name: server
image: node:19
command: [ "/bin/sh","-c" ]
args: [ "echo \"Hi, I am the server, you called, may I help you?\" > index.html; npx --yes http-server -p 80 " ]
---
apiVersion: v1
kind: Service
metadata:
name: server
namespace: otterize-tutorial-eks
spec:
selector:
app: server
ports:
- protocol: TCP
port: 80
targetPort: 80
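Review bot: In the new manifest, both client containers use `image: alpine/curl` with no tag and the server container runs `npx --yes http-server` with no version, so what actually runs in the reader's cluster depends on whatever the image registry and npm serve at pull time. Suggest pinning the images to a tag or digest and the package to a version (`http-server@<version>`), so the tutorial is reproducible and a changed upstream artifact cannot silently end up in readers' clusters. None of the three containers sets a `securityContext` or resource limits either; a short comment saying that this is deliberate for brevity would help anyone copying the file as a starting point.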
2 changes: 1 addition & 1 deletion static/code-examples/aws-eks-mini/protect-server.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: k8s.otterize.com/v1alpha2
kind: ProtectedService
metadata:
name: server
namespace: otterize-tutorial-npol
namespace: otterize-tutorial-eks

spec:
name: server