- Demonstrates how a network policy can be enforced on deployment pods
- Blocks outbound communication.
- Uses Calico
- Currently this repo covers Windows containers only. The same is expected to work for Linux containers as well.
- Create a vNet and subnet for AKS
- Replace the values in the params file
- Navigate to the commands folder
- Create the cluster with Calico enabled
- Manually add a Windows node pool, as the step above creates only a Linux node pool
- Deploy the Helm chart
By default it will make HTTP calls
- Change network-policy.yml to remove the GitHub IPs
- Deploy the Helm chart again
- This will not restart the container, so it is better to delete the pod.
- The container runs a command that makes a web request to joymon.github.io
- It works by default, as network-policy.yml has the required IPs in egress
- Reading the container specs is recommended to better understand how the container is going to behave
- Remove the last 4 ipBlocks from the network-policy.yml file to confirm it is blocking the network traffic.
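
For orientation, an egress policy of the kind the steps above describe could look like the following. This is an added example, not the repo's own network-policy.yml; the policy name, pod label, rule layout and the 203.0.113.x addresses are placeholders and assumptions.

```yaml
# Constructed example; name, label and addresses are placeholders.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-demo                 # hypothetical name
spec:
  podSelector:
    matchLabels:
      app: egress-demo              # hypothetical label on the deployment pods
  policyTypes:
    - Egress                        # selected pods may only send what is listed below
  egress:
    # Rule 1: DNS, so that a failed request is caused by the blocked IPs
    # and not by a failed name lookup.
    - ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Rule 2: HTTP/HTTPS to the addresses the site resolves to.
    # Replace the placeholders with the real addresses of the target host.
    - to:
        - ipBlock:
            cidr: 203.0.113.10/32   # placeholder
        - ipBlock:
            cidr: 203.0.113.11/32   # placeholder
        - ipBlock:
            cidr: 203.0.113.12/32   # placeholder
        - ipBlock:
            cidr: 203.0.113.13/32   # placeholder
      ports:
        - protocol: TCP
          port: 80
        - protocol: TCP
          port: 443
```

In this layout, blocking the traffic means deleting rule 2 as a whole. An egress rule left with `ports` but an empty or missing `to` matches every destination on those ports, which would open the policy up instead of closing it.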