k8s/Kubernetes>> k8s-netpol>> 返回
项目作者: mathieu-benoit

项目描述 :
Kubernetes Network Policies samples
高级语言:
项目地址: git://github.com/mathieu-benoit/k8s-netpol.git
创建时间: 2019-09-28T21:32:12Z
项目社区:https://github.com/mathieu-benoit/k8s-netpol
开源协议:
下载


Kubernetes resources leveraged and illustrated by this blog article I wrote: Kubernetes Network Policies, how to secure the communications between your pods

Deployments and NetworkPolicies Overview

To summarize, here are the bash commands you need to run:

  1. # Get you AKS cluster with Calico enabled
  2. az aks create... \
  3.   --network-policy calico
  5. # Since we would like to allow DNS resolution from WEB and API to respectively call API and DB we need to create a Label on the kube-system Namespace
  6. kubectl label ns kube-system name=kube-system
  8. # Create a Namespace to deploy K8S resources into it
  9. ns=yournamespace
  10. kubectl create ns $ns
  11. kubectl config set-context \
  12.   --current \
  13.   --namespace $ns
  15. # Deploy WEB, API and DB Pods/Services
  16. kubectl apply \
  17.   -f db-api-web-deployments.yaml
  19. # Apply the first NetworkPolicy: deny all Ingress/Egress
  20. kubectl apply \
  21.   -f deny-all-netpol.yaml
  23. # Apply the NetworkPolicy definition related to DB
  24. kubectl apply \
  25.   -f db-netpol.yaml
  27. # Apply the NetworkPolicy definition related to API
  28. kubectl apply \
  29.   -f api-netpol.yaml
  31. # Apply the NetworkPolicy definition related to WEB
  32. kubectl apply \
  33.   -f web-netpol.yaml