kubectl apply -f calico/calico.yaml
kubectl apply -f resources/namespace.yaml
kubectl apply -f resources/management-ui.yaml
kubectl apply -f resources/backend.yaml
kubectl apply -f resources/frontend.yaml
kubectl apply -f resources/client.yaml
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
client client-nkcfg 1/1 Running 0 24m
kube-system aws-node-6kqmw 1/1 Running 0 50m
kube-system aws-node-grstb 1/1 Running 1 50m
kube-system aws-node-m7jg8 1/1 Running 1 50m
kube-system calico-node-b5b7j 1/1 Running 0 28m
kube-system calico-node-dw694 1/1 Running 0 28m
kube-system calico-node-vtz9k 1/1 Running 0 28m
kube-system calico-typha-75667d89cb-4q4zx 1/1 Running 0 28m
kube-system calico-typha-horizontal-autoscaler-78f747b679-kzzwq 1/1 Running 0 28m
kube-system kube-dns-7cc87d595-bd9hq 3/3 Running 0 1h
kube-system kube-proxy-lp4vw 1/1 Running 0 50m
kube-system kube-proxy-rfljb 1/1 Running 0 50m
kube-system kube-proxy-wzlqg 1/1 Running 0 50m
management-ui management-ui-wzvz4 1/1 Running 0 24m
stars backend-tkjrx 1/1 Running 0 24m
stars frontend-q4r84 1/1 Running 0 24m
To summarize the different resources we created:
- A namespace called stars
- frontend and backend replication controllers and services within stars namespace
- A namespace called management-ui
- Replication controller and service management-ui for the user interface seen on the browser, in the management-ui namespace
- A namespace called client
- client replication controller and service in client namespace
kubectl get svc -o wide -n management-ui
kubectl apply -n stars -f policy/default-deny.yaml
kubectl apply -n client -f policy/default-deny.yaml
kubectl apply -f policy/allow-ui.yaml
kubectl apply -f policy/allow-ui-client.yaml
Refresh the browser again and check the Network policies in place
kubectl apply -f policy/backend-policy.yaml
kubectl apply -f policy/frontend-policy.yaml
Upon refreshing your browser, you should be able to see the network policies in action.