NetworkPolicies are a great way to control network communication within a Kubernetes cluster. In this lab, you will make a Kubernetes cluster more secure by using NetworkPolicies to restrict network traffic to only traffic that is actually needed by applications running in the cluster.
Successfully complete this lab by achieving the following learning objectives:
- Block Incoming Traffic by Default for All Pods in the web-auth Namespace
Create a configuration that causes incoming traffic to all Pods in the web-auth namespace to be blocked by default.
- Allow Traffic from the auth-client Pod to Reach the web-auth-server
auth-clientPod to reach
web-auth-server. Both Pods are in the
web-authnamespace. You can use existing labels to accomplish this.
auth-clientneeds to be able to reach
- Only Pods with the appropriate label should be able to access
web-auth-server, even if they are in the
- Pods outside the
web-authnamespace should never be able to access
web-auth-server, no matter what labels they have.