Merge pull request #20 from denhamparry/master

fix: kubectl run creates  pod not deployment

Author: sublimino

Makefile

@@ -211,25 +211,11 @@ test-local: ## test from the local machine
 .PHONY: test-deploy
 test-deploy: ## deploy test services
 	@echo "+ $@"
-	set -x; for DEPLOYMENT_TYPE in \
-    frontend \
-    microservice \
-    database \
-    ; do \
-  	\
-    DEPLOYMENT="test-$${DEPLOYMENT_TYPE}"; \
-    kubectl run "$${DEPLOYMENT}" \
-      --image=busybox \
-      --labels=app=web,role="$${DEPLOYMENT_TYPE}" \
-      --requests='cpu=10m,memory=32Mi' \
-      --expose \
-      --port 80 \
-      -- sh -c "while true; do { printf 'HTTP/1.1 200 OK\r\n\n I am a $${DEPLOYMENT_TYPE}\n'; } | nc -l -p  80; done"; \
-  	\
-    kubectl scale deployment "$${DEPLOYMENT}" --replicas=3; \
-  done; \
-  \
-  kubectl apply -f resource/net-pol/web-deny-all.yaml -f resource/net-pol/test-services-allow.yaml;
+	set -x;
+	kubectl apply \
+						-f resource/deployment/demo.yaml \
+						-f resource/net-pol/web-deny-all.yaml \
+						-f resource/net-pol/test-services-allow.yaml;
 
 
 .PHONY: rollcage

README.md

@@ -43,15 +43,15 @@ More information and background in [this presentation](https://www.binarysludge.
 Usage: netassert [options] [filename]
 
 Options:
-    
+
   --image                Name of test image
   --no-pull              Don't pull test container on target nodes
   --timeout              Integer time to wait before giving up on tests (default 120)
-  
+
   --ssh-user             SSH user for kubelet host
   --ssh-options          Optional options to pass to the 'gcloud compute ssh' command
   --known-hosts          A known_hosts file (default: ${HOME}/.ssh/known_hosts)
-  
+
   --debug                More debug
   -h --help              Display this message
 ```
@@ -72,24 +72,15 @@ Options:
 - `docker`
 
 ### Deploy fake mini-microservices
+
 ```bash
-for DEPLOYMENT_TYPE in \
-  frontend \
-  microservice \
-  database\
-  ; do
-  DEPLOYMENT="test-${DEPLOYMENT_TYPE}"
-
-  kubectl run "${DEPLOYMENT}" \
-    --image=busybox \
-    --labels=app=web,role="${DEPLOYMENT_TYPE}" \
-    --requests='cpu=10m,memory=32Mi' \
-    --expose \
-    --port 80 \
-    -- sh -c "while true; do { printf 'HTTP/1.1 200 OK\r\n\n I am a ${DEPLOYMENT_TYPE}\n'; } | nc -l -p  80; done"
-
-  kubectl scale deployment "${DEPLOYMENT}" --replicas=3
-done
+$ kubectl apply -f resource/deployment/demo.yaml
+service/test-database created
+deployment.apps/test-database created
+service/test-frontend created
+deployment.apps/test-frontend created
+service/test-microservice created
+deployment.apps/test-microservice created
 ```
 
 ### Run netassert (this should fail)

resource/deployment/demo.yaml

@@ -0,0 +1,140 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: test-database
+spec:
+  selector:
+    app: web
+    role: test-database
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: web
+    role: test-database
+  name: test-database
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+        app: web
+        role: test-database
+  template:
+    metadata:
+      labels:
+        app: web
+        role: test-database
+    spec:
+      containers:
+      - args:
+        - sh
+        - -c
+        - while true; do { printf 'HTTP/1.1 200 OK\r\n\n I am a test database\n'; } | nc -l -p  80; done
+        image: busybox
+        name: alpine
+        resources:
+          requests:
+            cpu: 10m
+            memory: 32Mi
+        ports:
+        - containerPort: 80
+          protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: test-frontend
+spec:
+  selector:
+    app: web
+    role: test-frontend
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: web
+    role: test-frontend
+  name: test-frontend
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+        app: web
+        role: test-frontend
+  template:
+    metadata:
+      labels:
+        app: web
+        role: test-frontend
+    spec:
+      containers:
+      - args:
+        - sh
+        - -c
+        - while true; do { printf 'HTTP/1.1 200 OK\r\n\n I am a test frontend\n'; } | nc -l -p  80; done
+        image: busybox
+        name: alpine
+        resources:
+          requests:
+            cpu: 10m
+            memory: 32Mi
+        ports:
+        - containerPort: 80
+          protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: test-microservice
+spec:
+  selector:
+    app: web
+    role: test-microservice
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: web
+    role: test-microservice
+  name: test-microservice
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+        app: web
+        role: test-microservice
+  template:
+    metadata:
+      labels:
+        app: web
+        role: test-microservice
+    spec:
+      containers:
+      - args:
+        - sh
+        - -c
+        - while true; do { printf 'HTTP/1.1 200 OK\r\n\n I am a test microservice\n'; } | nc -l -p  80; done
+        image: busybox
+        name: alpine
+        resources:
+          requests:
+            cpu: 10m
+            memory: 32Mi
+        ports:
+        - containerPort: 80
+          protocol: TCP

resource/net-pol/test-services-allow.yaml

@@ -6,7 +6,7 @@ spec:
   podSelector:
     matchLabels:
       app: web
-      role: frontend
+      role: test-frontend
   ingress:
   - from: []
 ---
@@ -18,13 +18,13 @@ spec:
   podSelector:
     matchLabels:
       app: web
-      role: microservice
+      role: test-microservice
   ingress:
   - from:
     - podSelector:
         matchLabels:
           app: web
-          role: frontend
+          role: test-frontend
 ---
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
@@ -34,10 +34,10 @@ spec:
   podSelector:
     matchLabels:
       app: web
-      role: database
+      role: test-database
   ingress:
   - from:
     - podSelector:
         matchLabels:
           app: web
-          role: microservice
+          role: test-microservice