Skip to content

Commit

Permalink
doc: update netpol step
Browse files Browse the repository at this point in the history
  • Loading branch information
diabhey authored Apr 19, 2022
1 parent 426f66b commit d05d5ab
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions labs/paas/otomi/4_netpols/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ kubectl apply -f https://raw.githubusercontent.com/redkubes/workshops/main/netpo
kubectl get svc -n team-<$TEAM-NAME>
```

You will see 3 services:
You will see three services:

```bash
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
Expand All @@ -31,23 +31,23 @@ redis-leader ClusterIP 10.0.82.226 <none> 6379/TCP 6m44s

5. Fill in the name `frontend`.

6. Under `Exposure`, select `Public`. Leave all other settings under exposure default.
6. Under `Exposure ingress`, select `Public`. Leave all other settings under exposure default.

7. Leave all other settings default and click `Submit`.

8. Click `Deploy Changes`.

After the changes have been deployed (this will take a couple of minutes), you will see that the service we just created has a host name. Click on the host name. What do you see? Submit a couple of messages.

9. Now add the other 2 services (`redis-follower` and `redis-leader`). Make sure to provide the correct port (6379). Leave all other settings default (so no exposure) and Submit. You don't need to Deploy Changes after every Submit. Just create the 2 services and then Deploy Changes.
9. Now add the other two services (`redis-follower` and `redis-leader`). Make sure to provide the correct port (6379) for both the `redis-leader` and `redis-follower` services. Leave all other settings default (so no exposure) and Submit. You don't need to Deploy Changes after every Submit. Just create the 2 services and then Deploy Changes.

When you create a service in Otomi with ingress `Cluster`, the K8s service will be added to the service-mesh in Otomi. When you create services in Otomi, the Istio Gateway is automatically configured and Istio virtual services are also automatically created.

Notice that the guestbook front-end still works!

10. In Otomi Console go to your team and then click the `Settings` item.

11. Under NetworkPolicy, enable `Network Policies`.
11. Under NetworkPolicy, enable `Network Policies`. Click on `submit` and then `Deploy Changes`.

Now go to the Guestbook application and notice that your messages are gone and you can't submit new messages. This is because traffic between the frontend and the 2 redis services is not permitted anymore. Let's fix this.

Expand Down

0 comments on commit d05d5ab

Please sign in to comment.