Invoke curl in exec command

stephane.hordoir · October 19, 2022, 9:30am

Hi

in the first lightning lab of Certified Kubernetes Application Developer (CKAD) | KodeKloud, (the second exercise) I try to invoke the curl command to connect one pod to another (the idea is to check the networking policy)

so I do

k exec webapp-color -it -- curl secure-service:80

but I get

error: Internal error occurred: error executing command in container: failed to exec in container: failed to start exec "a19fdeb04805a7ad9c6c291384661e892ccbef17b43207b0fe43e29281a4454f": OCI runtime exec failed: exec failed: unable to start container process: exec: "curl": executable file not found in $PATH: unknown

when I do

k exec webapp-color -it -- sh
then
curl secure-service

I get sh: curl: not found

Where did i go wrong ?

trung-kodekloud · October 19, 2022, 3:09pm

Hello @stephane.hordoir,

The container in the webapp-color pod running kodekloud/webapp-color image, it doesn’t has curl package installed that why you can’t use curl to verify the netpol.
For this lab, please create the below netpol:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: secure-pod
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              name: webapp-color
      ports:
        - protocol: TCP
          port: 80

Then use this command to verify the result:

k exec -it webapp-color -- sh
/opt # nc -v -z -w 2 secure-service 80
secure-service (10.105.68.177:80) open

What is nc command: 8 Netcat (nc) Command with Examples

Happy learning,
Trung.

stephane.hordoir · October 19, 2022, 4:44pm

Hi Thanks a lot for the quick reply !

From your answer, I assume that netcat command nc is always installed by default, is this right ?
what about wget ?

trung-kodekloud · October 20, 2022, 7:21am

Hello @stephane.hordoir,

It depends on the base image of each application, in the case of kodekloud/webapp-color, we can’t use curl or ping.
Same for wget, apt-get… it depends on the base image of the application (nginx, httpd, busybox…).

Happy learning,
Trung.

stephane.hordoir · October 20, 2022, 7:52am

Oh that makes things clear. It means that i cannot know in advance (except if I look in the documentation) which connection I can use ?

So for the certification, what strategy is possible (to avoid panicking: is the tool not working or is it my config not working ? )

trung-kodekloud · October 20, 2022, 9:50am

If the tool is not there, the error message is very clear, ex: curl not found or something similar.

stephane.hordoir · October 20, 2022, 10:21am

@trung-kodekloud Thanks !