algorithm006-class02
diff --git a/‎module14/allow-icmp-incluster.yaml
+21 b/‎module14/allow-icmp-incluster.yaml
+21
diff --git a/‎module14/networkpolicy.yaml
+32 b/‎module14/networkpolicy.yaml
+32
diff --git a/‎module3/setup-network.md
+64 b/‎module3/setup-network.md
+64
diff --git a/‎module4/1.simple-pod.MD
+22 b/‎module4/1.simple-pod.MD
+22
diff --git a/‎module4/2.run-envoy-with-configmap.MD
+14 b/‎module4/2.run-envoy-with-configmap.MD
+14
diff --git a/‎module4/3.understand-configmap.MD
+17 b/‎module4/3.understand-configmap.MD
+17
diff --git a/‎module4/4.configmap-volume.MD
+6 b/‎module4/4.configmap-volume.MD
+6
diff --git a/‎module4/5.readiness-probe.MD
+4 b/‎module4/5.readiness-probe.MD
+4
diff --git a/‎module4/6.get-obj-columns.MD
+4 b/‎module4/6.get-obj-columns.MD
+4
diff --git a/‎centos-readiness.yaml renamed to ‎module4/centos-readiness.yaml b/‎centos-readiness.yaml renamed to ‎module4/centos-readiness.yaml
diff --git a/‎downward-api-pod.yaml renamed to ‎module4/downward-api-pod.yaml b/‎downward-api-pod.yaml renamed to ‎module4/downward-api-pod.yaml
diff --git a/‎envoy-deploy.yaml renamed to ‎module4/envoy-deploy.yaml b/‎envoy-deploy.yaml renamed to ‎module4/envoy-deploy.yaml
diff --git a/‎envoy.yaml renamed to ‎module4/envoy.yaml b/‎envoy.yaml renamed to ‎module4/envoy.yaml
diff --git a/‎game.properties renamed to ‎module4/game.properties b/‎game.properties renamed to ‎module4/game.properties
@@ -0,0 +1,21 @@
+apiVersion: projectcalico.org/v3
+kind: GlobalNetworkPolicy
+metadata:
+  name: allow-ping-in-cluster
+spec:
+  selector: all()
+  types:
+    - Ingress
+  ingress:
+    - action: Allow
+      protocol: ICMP
+      source:
+        selector: all()
+      icmp:
+        type: 8 # Ping request
+    - action: Allow
+      protocol: ICMPv6
+      source:
+        selector: all()
+      icmp:
+        type: 128 # Ping request
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: default
+  name: toolbox
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: toolbox
+  template:
+    metadata:
+      labels:
+        app: toolbox
+        access: "true"
+    spec:
+      containers:
+        - name: toolbox
+          image: centos
+          command:
+          - tail
+          - -f
+          - /dev/null
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: default-deny
+  namespace: ns-calico-01
+spec:
+  podSelector: {}
+---
@@ -0,0 +1,64 @@
+### create network ns
+```
+mkdir -p /var/run/netns
+find -L /var/run/netns -type l -delete
+```
+### start nginx docker with non network mode
+```
+docker run --network=none  -d nginx
+```
+### check corresponding pid
+```
+docker ps|grep nginx
+docker inspect <containerid>|grep -i pid
+
+"Pid": 876884,
+"PidMode": "",
+"PidsLimit": null,
+```
+### check network config for the container
+```
+nsenter -t 876884 -n ip a
+```
+### link network namespace
+```
+export pid=876884
+ln -s /proc/$pid/ns/net /var/run/netns/$pid
+ip netns list
+```
+### check docker bridge on the host 
+```
+brctl show
+ip a
+4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
+    link/ether 02:42:35:40:d3:8b brd ff:ff:ff:ff:ff:ff
+    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
+       valid_lft forever preferred_lft forever
+    inet6 fe80::42:35ff:fe40:d38b/64 scope link
+       valid_lft forever preferred_lft forever
+```
+### create veth pair
+```
+ip link add A type veth peer name B
+```
+### config A
+```
+brctl addif docker0 A
+ip link set A up
+```
+### config B
+```
+SETIP=172.17.0.10
+SETMASK=16
+GATEWAY=172.17.0.1
+
+ip link set B netns $pid
+ip netns exec $pid ip link set dev B name eth0
+ip netns exec $pid ip link set eth0 up
+ip netns exec $pid ip addr add $SETIP/$SETMASK dev eth0
+ip netns exec $pid ip route add default via $GATEWAY
+```
+### check connectivity
+```
+curl 172.17.0.10
+```
@@ -0,0 +1,22 @@
+
+## simple pod demo
+### run nginx as webserver
+```
+$ kubectl run --image=nginx nginx
+```
+### show running pod
+```
+$ kubectl get po --show-labels -owide -w
+```
+### expose svc
+```
+$ kubectl expose deploy nginx --selector run=nginx --port=80 --type=NodePort
+```
+### check svc detail
+```
+$ kubectl get svc
+```
+### access service
+```
+$ curl 192.168.34.2:<nodeport>
+```
@@ -0,0 +1,14 @@
+## run envoy
+```
+$ kubectl create configmap envoy-config --from-file=envoy.yaml
+$ kubectl create -f envoy-deploy.yaml
+$ kubectl expose deploy envoy --selector run=envoy --port=10000 --type=NodePort
+```
+## access service
+```
+$ curl 192.168.34.2:<nodeport>
+```
+## scale up/down/failover
+```
+$ kubectl scale deploy <deployment-name> --replicas=<n>
+```
@@ -0,0 +1,17 @@
+# configmap
+```
+cat game.properties
+
+#configmap from file
+kubectl create configmap game-config --from-file=game.properties
+kubectl create configmap game-env-config --from-env-file=game.properties
+kubectl get configmap -oyaml game-config
+```
+## configmap from literal
+```
+kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm
+#downward api pod
+kubectl create -f downward-api-pod.yaml
+kubectl get po downward-api-pod
+kubectl logs -f downward-api-pod
+```
@@ -0,0 +1,6 @@
+# volume
+```
+kubectl create -f configmap-volume-pod.yaml
+kubectl get po
+kubectl logs -f configmap-volume-pod
+```
@@ -0,0 +1,4 @@
+# readiness probe
+```
+kubectl create -f centos-readiness.yaml
+```
@@ -0,0 +1,4 @@
+## get object by columns
+```
+kubectl get svc  -o=custom-columns=NAME:.metadata.name,CREATED:'.metadata.annotations'
+```