セッション時に使用したデモ環境の構築手順および資材置き場です。
環境は、Oracle Cloud Infrastructure(OCI)前提です。
curl -o px https://storage.googleapis.com/pixie-dev-public/cli/latest/cli_linux_amd64chmod +x pxmkdir $home/binexport PATH="$PATH:$home/bin"px versionPixie CLI
0.8.2+Distribution.401c92c.20230530183620.1.jenkinspx deployPixie CLI
Running Cluster Checks:
✔ Kernel version > 4.14.0
✔ Cluster type is supported
✔ K8s version > 1.16.0
✔ Kubectl > 1.10.0 is present
✔ User can create namespace
✕ Cluster type is in list of known supported types ERR: Cluster type is not in list of known supported cluster types. Please see: https://docs.px.dev/installing-pixie/requirements/
Some cluster checks failed. Pixie may not work properly on your cluster. Continue with deploy? (y/n) [y] : y
Installing Vizier version: 0.14.6
Generating YAMLs for Pixie
Deploying Pixie to the following cluster: context-cap6yc5rqea
Is the cluster correct? (y/n) [y] : y
Found 3 nodes
✔ Installing OLM CRDs
✔ Deploying OLM
✔ Deploying Pixie OLM Namespace
✔ Installing Vizier CRD
✔ Deploying OLM Catalog
✔ Deploying OLM Subscription
✔ Creating namespace
✔ Deploying Vizier
✔ Waiting for Cloud Connector to come online
Waiting for Pixie to pass healthcheck
✔ Wait for PEMs/Kelvin
✔ Wait for PEMs/Kelvin
✔ Wait for healthcheck
==> Next Steps:
Run some scripts using the px cli. For example:
- px script list : to show pre-installed scripts.
- px run px/service_stats : to run service info for sock-shop demo application (service selection coming soon!).
Check out our docs: https://docs.withpixie.ai:443.px demo deploy px-sock-shopPixie CLI
Deploying demo app px-sock-shop to the following cluster: context-cap6yc5rqea
Is the cluster correct? (y/n) [y] : y
✔ Creating namespace px-sock-shop
✔ Deploying px-sock-shop YAMLs
Successfully deployed demo app px-sock-shop to cluster context-cap6yc5rqea.
==> Next Steps:
Load testing has been automatically launched for px-sock-shop. If you want to visit the px-sock-shop site,
run 'kubectl -n px-sock-shop get svc front-end --watch' to get the external IP.
When using minikube, run 'minikube tunnel' in order to ensure the external IP is accessible.EXTERNAL-IP アドレスを確認後、ブラウザでアクセスします。
kubectl -n px-sock-shop get svc front-end -wNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
front-end LoadBalancer 10.96.71.65 xxx.xx.xxx.xx 80:30001/TCP 47s
デモ環境概要図
コンピュートで以下のインスタンスを作成します。
- Compute
- VM.Standard.E4.Flex
- OCPU x 1
- MEM 16GB
- OS
- Ubuntu 22.24
構築作業は、root で行います。
sudo -iapt updateapt install apt-transport-https ca-certificates software-properties-commoncurl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"apt updateapt-cache policy docker-ceapt install docker-cesystemctl status dockerdocker versionsystemctl restart docker[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64chmod +x ./kindmv ./kind /usr/local/bin/kindsnap install kubectl --classicecho 'source <(kubectl completion bash)' >> ~/.bashrccurl -LO https://raw.githubusercontent.com/cilium/cilium/1.14.2/Documentation/installation/kind-config.yamlkind create cluster --config=kind-config.yamlkubectl cluster-info --context kind-kindCILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}cilium install --version 1.14.2cilium status --waitcilium hubble enablecilium statuscilium hubble port-forward&HUBBLE_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/hubble/master/stable.txt)
HUBBLE_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then HUBBLE_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/$HUBBLE_VERSION/hubble-linux-${HUBBLE_ARCH}.tar.gz{,.sha256sum}
sha256sum --check hubble-linux-${HUBBLE_ARCH}.tar.gz.sha256sum
sudo tar xzvfC hubble-linux-${HUBBLE_ARCH}.tar.gz /usr/local/bin
rm hubble-linux-${HUBBLE_ARCH}.tar.gz{,.sha256sum}hubble statushubble observecilium hubble enable --uicilium hubble uiサンプルアプリケーションを展開します。
kubectl create -f https://raw.githubusercontent.com/cilium/cilium/1.14.2/examples/minikube/http-sw-app.yamlNAME READY STATUS RESTARTS AGE
deathstar-7848d6c4d5-4zck4 1/1 Running 0 6s
deathstar-7848d6c4d5-56s9d 1/1 Running 0 6s
tiefighter 1/1 Running 0 6s
xwing 1/1 Running 0 5s私用するオブジェクトが Running であることを確認します。
kubectl get pods,svcNAME READY STATUS RESTARTS AGE
pod/deathstar-7848d6c4d5-4zck4 1/1 Running 0 6m54s
pod/deathstar-7848d6c4d5-56s9d 1/1 Running 0 6m54s
pod/tiefighter 1/1 Running 0 6m54s
pod/xwing 1/1 Running 0 6m53s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/deathstar ClusterIP 10.96.233.135 <none> 80/TCP 6m54s
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d19h各ノードで展開されている cilium エージェントの Pod 名を確認します。
kubectl -n kube-system get pods -l k8s-app=cilium -o wideNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
cilium-kf87b 1/1 Running 1 (24m ago) 5d19h 172.18.0.3 kind-worker2 <none> <none>
cilium-kl46t 1/1 Running 1 (24m ago) 5d19h 172.18.0.2 kind-worker3 <none> <none>
cilium-mhqd9 1/1 Running 1 (24m ago) 5d19h 172.18.0.4 kind-worker <none> <none>
cilium-zt76c 1/1 Running 1 (24m ago) 5d19h 172.18.0.5 kind-control-plane <none> <none>1つのエージェント Pod 内でネットワークポリシーの状況を確認します。ネットワークポリシーを適用していないため、 Disabled となります。
kubectl -n kube-system exec cilium-kf87b -- cilium endpoint listDefaulted container "cilium-agent" out of: cilium-agent, config (init), mount-cgroup (init), apply-sysctl-overwrites (init), mount-bpf-fs (init), clean-cilium-state (init), install-cni-binaries (init)
ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS
ENFORCEMENT ENFORCEMENT
178 Disabled Disabled 51425 k8s:app.kubernetes.io/name=xwing 10.244.3.205 ready
k8s:class=xwing
k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=default
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=default
k8s:io.kubernetes.pod.namespace=default
k8s:org=alliance
274 Disabled Disabled 3872 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=sock-shop 10.244.3.53 ready
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=default
k8s:io.kubernetes.pod.namespace=sock-shop
k8s:name=user
1034 Disabled Disabled 18587 k8s:app.kubernetes.io/name=hubble-ui 10.244.3.176 ready
k8s:app.kubernetes.io/part-of=cilium
k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=hubble-ui
k8s:io.kubernetes.pod.namespace=kube-system
k8s:k8s-app=hubble-ui
1532 Disabled Disabled 37043 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=sock-shop 10.244.3.172 ready
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=default
k8s:io.kubernetes.pod.namespace=sock-shop
k8s:name=front-end
1554 Disabled Disabled 4 reserved:health 10.244.3.243 ready
2505 Disabled Disabled 65204 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=sock-shop 10.244.3.49 ready
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=default
k8s:io.kubernetes.pod.namespace=sock-shop
k8s:name=catalogue
2812 Disabled Disabled 5072 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=sock-shop 10.244.3.97 ready
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=default
k8s:io.kubernetes.pod.namespace=sock-shop
k8s:name=rabbitmq
3372 Disabled Disabled 1 reserved:host readyxwing と tiefighter Pod から deathstar Pod にアクセスを試みます。ネットワークポリシー適用前なので、「Ship Llanded」と表示されて、xwing と tiefighter Pod は、deathstar Pod にアクセスできます。
kubectl exec xwing -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landingShip landedkubectl exec tiefighter -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landingShip landedhubble でも forwarded の表示を確認できます。
L4 ポリシーを適用します。「org=empire」というラベルを持つ tiefighter Pod は、deathstar Pod にアクセスできますが、ラベルを持たない xwing Pod はアクセスできなくなります。
ポリシーの内容は、以下です。
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: "rule1"
spec:
description: "L3-L4 policy to restrict deathstar access to empire ships only"
endpointSelector:
matchLabels:
org: empire
class: deathstar
ingress:
- fromEndpoints:
- matchLabels:
org: empire
toPorts:
- ports:
- port: "80"
protocol: TCPCiliumNetworkPolicies は、「endpointSelector」を使用して Pod のラベルを照合し、ポリシーが適用されるソースと宛先を識別します。上記のポリシーは、ラベル (org=empire) を持つポッドからラベル (org=empire、class=deathstar) を持つ deathstar Pod に TCP ポート 80 で送信されるトラフィックをホワイトリストに登録します。
kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/1.14.2/examples/minikube/sw_l3_l4_policy.yamlciliumnetworkpolicy.cilium.io/rule1 created想定通り、tiefighter Pod は、deathstar Pod にアクセスできますが、xwing Pod はアクセス出来ません。
kubectl exec tiefighter -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landingShip landedアクセスできないため、Ctrl + c で強制終了します。
kubectl exec xwing -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landinghubble でも dropped と表示されます。
cilium endpoint list を再度実行すると、ラベル org=empire および class=deathstar を持つポッドで、上記のポリシーに従ってイングレス ポリシーの適用が有効になっていいます。
kubectl -n kube-system exec cilium-kl46t -- cilium endpoint listDefaulted container "cilium-agent" out of: cilium-agent, config (init), mount-cgroup (init), apply-sysctl-overwrites (init), mount-bpf-fs (init), clean-cilium-state (init), install-cni-binaries (init)
ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS
ENFORCEMENT ENFORCEMENT
13 Disabled Disabled 12910 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=sock-shop 10.244.1.70 ready
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=default
k8s:io.kubernetes.pod.namespace=sock-shop
k8s:name=catalogue-db
240 Enabled Disabled 10798 k8s:app.kubernetes.io/name=deathstar 10.244.1.100 ready
k8s:class=deathstar
k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=default
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=default
k8s:io.kubernetes.pod.namespace=default
・
・<省略>
・kubectl -n kube-system exec cilium-mhqd9 -- cilium endpoint listDefaulted container "cilium-agent" out of: cilium-agent, config (init), mount-cgroup (init), apply-sysctl-overwrites (init), mount-bpf-fs (init), clean-cilium-state (init), install-cni-binaries (init)
ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS
ENFORCEMENT ENFORCEMENT
86 Enabled Disabled 10798 k8s:app.kubernetes.io/name=deathstar 10.244.2.91 ready
k8s:class=deathstar
k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=default
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=default
k8s:io.kubernetes.pod.namespace=default
k8s:org=empire
・
・<省略>
・
HTTP 対応 L7 ポリシーの適用とテストを行います。
以下のポリシーは、tiefighter Pod からの HTTP POST における /v1/request-landing という URL への API 呼び出しのみを許可し、それ以外は拒否するポリシーです。 適用すると、tiefighter Pod から HTTP PUT における /v1/exhaust-port への通信および xwing Pod からの通信を行いますが、拒否されます。
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: "rule1"
spec:
description: "L7 policy to restrict access to specific HTTP call"
endpointSelector:
matchLabels:
org: empire
class: deathstar
ingress:
- fromEndpoints:
- matchLabels:
org: empire
toPorts:
- ports:
- port: "80"
protocol: TCP
rules:
http:
- method: "POST"
path: "/v1/request-landing"ポリシーを適用します。
kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/1.14.2/examples/minikube/sw_l3_l4_l7_policy.yamlciliumnetworkpolicy.cilium.io/rule1 configuredHTTP POST 通信は通りますが、HTTP PUT 通信は拒否されます。
kubectl exec tiefighter -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landingShip landedkubectl exec tiefighter -- curl -s -XPUT deathstar.default.svc.cluster.local/v1/exhaust-portAccess deniedhubble でも両方の状況を確認できます。
ラベル org=empire のない Pod からのトラフィックは引き続き Dropped となります。
kubectl exec xwing -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing
ネットワークポリシーを削除します。
kubectl delete cnp rule1ciliumnetworkpolicy.cilium.io "rule1" deletedkubectl create -f https://raw.githubusercontent.com/microservices-demo/microservices-demo/master/deploy/kubernetes/complete-demo.yamlnamespace/sock-shop created
Warning: spec.template.spec.nodeSelector[beta.kubernetes.io/os]: deprecated since v1.14; use "kubernetes.io/os" instead
deployment.apps/carts created
service/carts created
deployment.apps/carts-db created
service/carts-db created
deployment.apps/catalogue created
service/catalogue created
deployment.apps/catalogue-db created
service/catalogue-db created
deployment.apps/front-end created
service/front-end created
deployment.apps/orders created
service/orders created
deployment.apps/orders-db created
service/orders-db created
deployment.apps/payment created
service/payment created
deployment.apps/queue-master created
service/queue-master created
deployment.apps/rabbitmq created
service/rabbitmq created
deployment.apps/session-db created
service/session-db created
deployment.apps/shipping created
service/shipping created
deployment.apps/user created
service/user created
deployment.apps/user-db created
service/user-db createdポートフォワーディングするために front-end Pod 名を調べます。
kubectl get pods -n sock-shopNAME READY STATUS RESTARTS AGE
carts-5bb979cb6d-mkrmw 1/1 Running 0 11m
carts-db-6d88679f9d-qhwjx 1/1 Running 0 11m
catalogue-7c89c4b8b7-ktt8m 1/1 Running 0 11m
catalogue-db-6d76c95d76-ps2cs 1/1 Running 0 11m
front-end-5d7b595bcd-2crfh 1/1 Running 0 11m
orders-d5f745cc6-k7bvm 1/1 Running 0 11m
orders-db-688cc755dd-bh7rw 1/1 Running 0 11m
payment-66d9c6c5c8-czxqm 1/1 Running 0 11m
queue-master-78b6f85bb7-k65pd 1/1 Running 0 11m
rabbitmq-55c946cb56-zfcpk 2/2 Running 0 11m
session-db-9dc55b5b-fb7gh 1/1 Running 0 11m
shipping-78db6c6958-t5j74 1/1 Running 0 11m
user-5c8d59bcd4-pv6w7 1/1 Running 0 11m
user-db-758477f574-q6ztz 1/1 Running 0 11mfront-end Pod のコンテナポート番号は、8079 なので、そのポート番号でフォワーディングします。 新しいコンソールを起動して実行します。
kubectl port-forward front-end-5d7b595bcd-2crfh -n sock-shop 8079:8079Forwarding from 127.0.0.1:8079 -> 8079
Forwarding from [::1]:8079 -> 8079
Handling connection for 8079
・
・
・VSCodeでポート設定をすると、自動でブラウザが起動して、以下のURLにアクセスします。
http://localhost:12000/ hubble ui で sock-shop をクリックするとリアルタイムの状況を確認できます。
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3chmod 700 get_helm.sh./get_helm.shhelm repo add cilium https://helm.cilium.iohelm repo updatehelm install tetragon cilium/tetragon -n kube-systemkubectl rollout status -n kube-system ds/tetragon -wapt install golang-goGOOS=$(go env GOOS)
GOARCH=$(go env GOARCH)
curl -L --remote-name-all https://github.com/cilium/tetragon/releases/latest/download/tetra-${GOOS}-${GOARCH}.tar.gz{,.sha256sum}
sha256sum --check tetra-${GOOS}-${GOARCH}.tar.gz.sha256sum
sudo tar -C /usr/local/bin -xzvf tetra-${GOOS}-${GOARCH}.tar.gz
rm tetra-${GOOS}-${GOARCH}.tar.gz{,.sha256sum}tetra version
Console A
kubectl logs -n kube-system -l app.kubernetes.io/name=tetragon -c export-stdout -f | tetra getevents -o compact --namespace default --pod xwing process default/xwing /bin/bash
🚀 process default/xwing /usr/bin/whoami
💥 exit default/xwing /usr/bin/whoami 0Console B
kubectl exec -it xwing -- /bin/bashwhoamiexitJSON View
apt install jqkubectl logs -n kube-system -l app.kubernetes.io/name=tetragon -c export-stdout -f | jq 'select(.process_exec.process.pod.name=="xwing" or .process_exit.process.pod.name=="xwing")'
Console A
kubectl edit cm -n kube-system tetragon-config
# change "enable-process-cred" from "false" to "true"
# change "enable-process-ns" from "false" to "true"
# then save and exitkubectl rollout restart -n kube-system ds/tetragonkubectl apply -f https://raw.githubusercontent.com/cilium/tetragon/main/testdata/specs/testpod.yamlConsole B
kubectl logs -n kube-system -l app.kubernetes.io/name=tetragon -c export-stdout -f | tetra getevents -o compact --namespace default --pod test-pod9/rootfs/sys/devices/virtual/dmi/id/product_uuid 🛑 CAP_SYS_ADMIN
💥 exit default/test-pod /bin/mount -o ro,bind /run/containerd/io.containerd.runtime.v2.task/k8s.io/5ab17b591d4e679d2b9ba3861b8960c9fd73c2e0d2e097e556dc30921c2093e9/rootfs/product_uuid /run/containerd/io.containerd.runtime.v2.task/k8s.io/5ab17b591d4e679d2b9ba3861b8960c9fd73c2e0d2e097e556dc30921c2093e9/rootfs/sys/devices/virtual/dmi/id/product_uuid 0 🛑 CAP_SYS_ADMIN
💥 exit default/test-pod /kind/bin/mount-product-files.sh /kind/bin/mount-product-files.sh 0 🛑 CAP_SYS_ADMIN
🚀 process default/test-pod /bin/sleep 365d 🛑 CAP_SYS_ADMIN
Console A
kubectl apply -f https://raw.githubusercontent.com/cilium/tetragon/main/examples/tracingpolicy/filename_monitoring.yamlkubectl exec -it xwing -- /bin/bashvi /etc/passwdexitConsole B
kubectl logs -n kube-system -l app.kubernetes.io/name=tetragon -c export-stdout -f | tetra getevents -o compact --namespace default --pod xwing🚀 process default/xwing /usr/bin/vi /etc/passwd
📚 read default/xwing /usr/bin/vi /etc/passwd
📚 read default/xwing /usr/bin/vi /etc/passwd
📚 read default/xwing /usr/bin/vi /etc/passwd
📝 write default/xwing /usr/bin/vi /etc/passwd
📝 truncate default/xwing /usr/bin/vi /etc/passwd
💥 exit default/xwing /usr/bin/vi /etc/passwd 0
💥 exit default/xwing /bin/bash 0JSON View
※Crt +C 実行後
kubectl logs -n kube-system -l app.kubernetes.io/name=tetragon -c export-stdout -f | jq 'select(.process_kprobe.process.pod.name=="xwing" or .process_kprobe.process.pod.name=="xwing")'Console A
TracingPolicy を削除します。
kubectl delete -f https://raw.githubusercontent.com/cilium/tetragon/main/examples/tracingpolicy/filename_monitoring.yaml
Console A
kubectl apply -f https://raw.githubusercontent.com/cilium/tetragon/main/examples/tracingpolicy/tcp-connect.yamlkubectl exec -it xwing -- curl http://cilium.ioConsole B
kubectl logs -n kube-system -l app.kubernetes.io/name=tetragon -c export-stdout -f | tetra getevents -o compact --namespace default --pod xwing🚀 process default/xwing /usr/bin/curl http://cilium.io
🔌 connect default/xwing /usr/bin/curl tcp 10.244.3.43:36790 -> 104.198.14.52:80
🧹 close default/xwing /usr/bin/curl tcp 10.244.3.43:36790 -> 104.198.14.52:80
💥 exit default/xwing /usr/bin/curl http://cilium.io 0JSON View
※Crt +C 実行後
kubectl logs -n kube-system -l app.kubernetes.io/name=tetragon -c export-stdout -f | jq 'select(.process_kprobe.process.pod.name=="xwing" or .process_kprobe.process.pod.name=="xwing")'Console A
TracingPolicy を削除します。
kubectl delete -f https://raw.githubusercontent.com/cilium/tetragon/main/examples/tracingpolicy/tcp-connect.yamlサンプルアプリケーションを削除します。
kubectl delete -f https://raw.githubusercontent.com/cilium/cilium/1.14.2/examples/minikube/http-sw-app.yamlservice "deathstar" deleted
deployment.apps "deathstar" deleted
pod "tiefighter" deleted
pod "xwing" deleted