This workshop will walk you through how to create network policies in Kubernetes using Calico.
An article with more details and explanation will be available soon.
Check the commands.sh file to get all the commands used in this workshop.
We'll need a Kubernetes cluster (or Minikube) with Calico enabled.
# Step 1: create the "development" namespace and label it.
# Option A: create it from the manifest (presumably it also carries the
# purpose=development label; confirm in the YAML).
kubectl create -f 1-namespace-development.yaml
# Option B (alternative to the manifest above): create and label it by hand.
kubectl create namespace development
# The label is set on the namespace object itself, not on the pods in it.
# Policies that select by namespace match on namespace labels like this one.
kubectl label namespace/development purpose=development
# Step 2: start an nginx pod named "backend" in the development namespace,
# labelled app=webapp,role=backend; --expose also creates a Service for it on port 80.
# NOTE(review): --generator is deprecated in recent kubectl releases, where
# `kubectl run` creates a bare Pod by default; drop the flag if your client rejects it.
kubectl run backend --image=nginx --labels app=webapp,role=backend --namespace development --expose --port 80 --generator=run-pod/v1
# Alternative to the command above: create the pod and service from the manifest
# (presumably equivalent; confirm labels and port in the YAML).
kubectl create -f 1-pod-svc-nginx-backend.yaml
# Step 3: baseline check before any NetworkPolicy is applied.
# Option A: open an interactive Alpine pod named "frontend"; --rm deletes it on exit.
kubectl run --rm -it --image=alpine frontend --namespace development --generator=run-pod/v1
# Run this inside the pod's shell, not on your workstation. "backend" resolves
# through cluster DNS to the Service in the same namespace.
wget -qO- http://backend
# Option B (alternative to the interactive pod): create a test pod from the
# manifest and exec into it. The pod name "alpine" is presumably the one
# defined in the YAML; confirm.
kubectl create -f 1-pod-alpine-test.yaml
kubectl exec alpine -n development -- wget -qO- http://backend
# Step 4: apply the first policy. Going by the file name this is a default-deny
# policy; which pods and which direction (ingress/egress) it covers is defined
# in the YAML, so confirm there.
# NetworkPolicy objects are enforced only by a CNI plugin that implements them
# (Calico here). On a cluster without one, the API accepts the object but no
# traffic is blocked, so always verify with the test that follows.
kubectl apply -f 1-network-policy-deny-all.yaml
We'll reuse the same Alpine image to run the test:
# Step 5: verify that the deny policy is enforced.
# Option A: interactive Alpine pod (removed on exit because of --rm).
kubectl run --rm -it --image=alpine frontend --namespace development --generator=run-pod/v1
# Run inside the pod. --timeout=2 makes wget give up after 2 seconds instead of
# hanging; a timeout is presumably the expected result once traffic is denied.
wget -qO- --timeout=2 http://backend
# Option B: the same check through the existing "alpine" test pod.
kubectl exec alpine -n development -- wget -qO- --timeout=2 http://backend
# Step 6: apply the second policy. Going by the file name it allows traffic
# from selected pods; confirm the exact selectors in the YAML.
kubectl apply -f 2-network-policy-allow-pod.yaml
# Positive test: a client pod carrying the labels app=webapp,role=frontend.
kubectl run --rm -it frontend --image=alpine --labels app=webapp,role=frontend --namespace development --generator=run-pod/v1
# Run inside the pod. There is no timeout here, so this request is presumably expected to succeed.
wget -qO- http://backend
# Negative test: the same client image without the app/role labels.
kubectl run --rm -it --image=alpine frontend --namespace development --generator=run-pod/v1
# Run inside the pod. This is presumably expected to time out because the pod
# does not match the allowed labels.
wget -qO- --timeout=2 http://backend
# Step 7: create a second namespace, "production", labelled purpose=production,
# to test cross-namespace access.
kubectl create namespace production
kubectl label namespace/production purpose=production
# Start a client in production with the same app/role labels as the allowed frontend.
kubectl run --rm -it frontend --image=alpine --labels app=webapp,role=frontend --namespace production --generator=run-pod/v1
# Run inside the pod. "backend.development" is the Service name qualified with its namespace.
# NOTE(review): there is no --timeout, which suggests the workshop expects this
# to succeed, i.e. pod labels alone let another namespace reach the backend.
# Whether it does depends on the selectors in 2-network-policy-allow-pod.yaml:
# a podSelector with no namespaceSelector matches only pods in the policy's own
# namespace. Verify the result.
wget -qO- http://backend.development
# Step 8: apply the third policy. Going by the file name it combines a pod
# selector with a namespace selector (presumably on the purpose=... namespace
# label); confirm in the YAML.
kubectl apply -f 3-network-policy-allow-pod-namespace.yaml
# Negative test: correctly labelled client, but running in the production namespace.
kubectl run --rm -it frontend --image=alpine --labels app=webapp,role=frontend --namespace production --generator=run-pod/v1
# Run inside the pod. This is presumably expected to time out now that the
# source namespace is also checked.
wget -qO- --timeout=2 http://backend.development
# Positive test: correctly labelled client in the development namespace.
kubectl run --rm -it frontend --image=alpine --labels app=webapp,role=frontend --namespace development --generator=run-pod/v1
# Run inside the pod. This request is presumably expected to succeed.
wget -qO- http://backend