Skip to content

Lab 9 - Network Policies

Problem

Setup minikube

minikube start --network-plugin=cni
kubectl apply -f https://docs.projectcalico.org/v3.9/manifests/calico.yaml
kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
kubectl -n kube-system get pods | grep calico-node

Create secured pod

apiVersion: v1
kind: Pod
metadata:
  name: network-policy-secure-pod
  labels:
    app: secure-app
spec:
  containers:
  - name: nginx
    image: bitnami/nginx
    ports:
    - containerPort: 8080

Create client pod

apiVersion: v1
kind: Pod
metadata:
  name: network-policy-client-pod
spec:
  containers:
  - name: busybox
    image: radial/busyboxplus:curl
    command: ["/bin/sh", "-c", "while true; do sleep 3600; done"]

Create a policy to allow only client pods with label allow-access: "true" to access secure pod