Hands-On Lab

This lab brings together the concepts of Network Policies discussed in Chapter 5. You will deploy simple application components and then use Go to programmatically create and update Network Policies to enforce specific traffic flow rules between them, verifying the results directly in your cluster.

Objectives:

  1. Deploy simple frontend and backend sample Pods into your cluster, ensuring they have distinct labels (e.g., app=frontend, app=backend).

  2. Write and execute a Go program that creates a NetworkPolicy resource targeting the backend Pods. This initial policy should restrict ingress traffic, allowing connections only from frontend Pods on a specific TCP port (e.g., 8080), effectively isolating the backend from other Pods.

  3. Modify the Go program (or use specific flags) to update the same NetworkPolicy. The update should add an egress rule, for example, allowing the backend Pods to connect out to a specific destination (like DNS servers or another internal service), while still maintaining the ingress restrictions.

  4. Verify the effects of both the initial policy creation and the subsequent update by attempting connections between Pods within the cluster.
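The two policy shapes that objectives 2 and 3 call for, as an added example that is not the lab's own client-go code: it models the NetworkPolicy spec with local stand-in structs (an assumption, so it runs without a cluster; the real program would use the k8s.io/api/networking/v1 types and send the object with client-go), builds the frontend-to-backend TCP 8080 ingress rule, then applies the egress update. The policy name and the kube-dns labels (k8s-app=kube-dns in kube-system) are assumptions not stated on the page.

```go
package main

import (
	"encoding/json"
	"os"
)

// Local stand-ins for the networking.k8s.io/v1 NetworkPolicy fields this lab uses (an assumption,
// so the example runs offline; a real client-go program uses the k8s.io/api/networking/v1 types).
type Selector struct{ MatchLabels map[string]string `json:"matchLabels"` }
type Peer struct {
	PodSelector       *Selector `json:"podSelector,omitempty"`
	NamespaceSelector *Selector `json:"namespaceSelector,omitempty"`
}
type Port struct {
	Protocol string `json:"protocol"`
	Port     int    `json:"port"`
}
type Rule struct {
	From  []Peer `json:"from,omitempty"`
	To    []Peer `json:"to,omitempty"`
	Ports []Port `json:"ports"`
}
type Spec struct {
	PodSelector Selector `json:"podSelector"`
	PolicyTypes []string `json:"policyTypes"`
	Ingress     []Rule   `json:"ingress,omitempty"`
	Egress      []Rule   `json:"egress,omitempty"`
}

func labels(k, v string) *Selector { return &Selector{MatchLabels: map[string]string{k: v}} }

// BackendIngressSpec is the lab's initial policy: only app=frontend Pods may reach app=backend
// Pods, and only on TCP 8080; listing "Ingress" in policyTypes denies every other ingress.
func BackendIngressSpec() Spec {
	return Spec{PodSelector: *labels("app", "backend"), PolicyTypes: []string{"Ingress"},
		Ingress: []Rule{{From: []Peer{{PodSelector: labels("app", "frontend")}}, Ports: []Port{{"TCP", 8080}}}}}
}

// AddDNSEgress is the lab's update step. Adding "Egress" to policyTypes makes outbound traffic
// default-deny as well, so DNS to kube-dns in kube-system is allowed explicitly; ingress is unchanged.
func AddDNSEgress(s Spec) Spec {
	s.PolicyTypes = append(s.PolicyTypes, "Egress")
	dns := Peer{NamespaceSelector: labels("kubernetes.io/metadata.name", "kube-system"), PodSelector: labels("k8s-app", "kube-dns")}
	s.Egress = append(s.Egress, Rule{To: []Peer{dns}, Ports: []Port{{"UDP", 53}, {"TCP", 53}}})
	return s
}

// Print the updated spec as the JSON body a client would send to the API server.
func main() { json.NewEncoder(os.Stdout).Encode(AddDNSEgress(BackendIngressSpec())) }
```

The point to verify in step 4 is the policyTypes change: once "Egress" is listed, any destination you forgot to allow (DNS first of all) is silently dropped for the backend Pods.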

Tasks:

  1. Navigate to the Code: Find the Go source code for this lab within the companion GitHub repository, under the directory for Chapter 5 examples:

You have now programmatically defined and modified network security rules using NetworkPolicy resources. You've seen how these policies take effect (assuming a compatible CNI) by restricting traffic based on labels and ports, and how you can update them dynamically using client-go. This forms the basis for implementing robust, automated network security within Kubernetes.
