Skip to content

Kubernetes Lab 10 - Network Policies

Problem

Setup minikube

minikube start --network-plugin=cni
kubectl apply -f https://docs.projectcalico.org/v3.9/manifests/calico.yaml
kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
kubectl -n kube-system get pods | grep calico-node

Create secured pod

apiVersion: v1
kind: Pod
metadata:
  name: network-policy-secure-pod
  labels:
    app: secure-app
spec:
  containers:
    - name: nginx
      image: bitnami/nginx
      ports:
        - containerPort: 8080

Create client pod

apiVersion: v1
kind: Pod
metadata:
  name: network-policy-client-pod
spec:
  containers:
    - name: busybox
      image: radial/busyboxplus:curl
      command: ["/bin/sh", "-c", "while true; do sleep 3600; done"]

Create a policy to allow only client pods with label allow-access: "true" to access secure pod