Mysql NETPOLICY LAB

All files are in my github repo, so clone it:

Create an interactive shell using mysql image and acces mysql-server:

touk@k8smaster:~$ k get pods -o wide -n mysql-netpolicy
NAME                            READY   STATUS    RESTARTS   AGE   IP               NODE      NOMINATED NODE   READINESS GATES
mysql-deploy-75db46bdf6-lc4cw   1/1     Running   0          37m   172.16.145.244   k8snode   <none>           <none>

touk@k8smaster:~$ kubectl run --stdin --tty --image=mysql:latest mysqlclient -- bash
If you don't see a command prompt, try pressing enter.
bash-4.4# mysql
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
bash-4.4# mysql -h 172.16.145.244 --user root --password
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 8.1.0 MySQL Community Server - GPL

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Run a pod without a label:

kubectl run --stdin --tty --image=mysql:latest mysqlclient-notpermitted -- bash

kubectl exec -it mysqlclient-notpermitted -- /bin/bash

bash-4.4# mysql -h 172.16.145.244 --user root --password

It will timeout

Now i will add a label that matches the network policy

kubectl label pods mysqlclient-notpermitted purpose=mysqlclient

Now if you try again and access mysql within the pod it will access it successefully

PreviousNetworkPolicy Kubernetes NextRBAC with kubernetes