Network Policy with Calico

Hands-On Lab

 


John Marx

Training Architect

Length

01:00:00

Difficulty

Intermediate

This lab covers the Kubernetes feature of Network Policy. The lab utilizes the kops installer to create a cluster using the Calico network overlay. The student is guided through the process of first creating a network policy that prohibits pod access, followed by another policy that grants pod access to certain clients and a named server.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

This lab utilizes the Kubernetes kops utility to install a cluster and implement the Calico network overlay. The lab uses the cluster to provide a 'learn-by-doing' environment that allows the student to create a namespace, deploy an NGINX server in the namespace, and then expose the server on port 80 with no network policies implemented.

The lab then has the student create and test a network policy that prohibits all pod-to-pod traffic, and finally implement a policy that grants specific pods an ingress route to a specific server pod.

An interactive shell running in the busybox container image is used with the wget command to test each policy that is implemented.
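The two policies described above could look like the following manifests. This is an added example, not the lab's own files; the namespace `policy-demo` and the labels `app: nginx` and `access: "true"` are assumed names chosen for illustration.

```yaml
# Added example: namespace and label names are assumptions, not taken from the lab.
# Policy 1: default deny. The empty podSelector selects every pod in the
# namespace; declaring the Ingress policy type with no ingress rules means
# no inbound pod traffic is allowed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: policy-demo
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Policy 2: allow only labelled clients to reach the NGINX server on port 80.
# Network policies are additive, so this rule opens one path through the
# default deny above without removing it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-nginx-from-labelled-clients
  namespace: policy-demo
spec:
  podSelector:
    matchLabels:
      app: nginx            # assumed label on the NGINX server pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              access: "true"   # assumed label carried by permitted clients
      ports:
        - protocol: TCP
          port: 80
```

With both applied, a busybox client that carries the `access: "true"` label can fetch the page with wget, while an unlabelled client times out. A `podSelector` under `from` with no `namespaceSelector` matches only pods in the policy's own namespace.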