Skip to content

openshift-examples/network-policy-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
deployment
deployment
 
 
01_default-deny-simpson.png
01_default-deny-simpson.png
 
 
01_default-deny-simpson.yaml
01_default-deny-simpson.yaml
 
 
01_default-deny.yaml
01_default-deny.yaml
 
 
02_allow-from-openshift-ingress-simpson.png
02_allow-from-openshift-ingress-simpson.png
 
 
02_allow-from-openshift-ingress-simpson.yaml
02_allow-from-openshift-ingress-simpson.yaml
 
 
02_allow-from-openshift-ingress.yaml
02_allow-from-openshift-ingress.yaml
 
 
03_allow-same-namespace-simpson.png
03_allow-same-namespace-simpson.png
 
 
03_allow-same-namespace-simpson.yaml
03_allow-same-namespace-simpson.yaml
 
 
03_allow-same-namespace.yaml
03_allow-same-namespace.yaml
 
 
04_allow-from-bouviers-to-marge-simpson.png
04_allow-from-bouviers-to-marge-simpson.png
 
 
04_allow-from-bouviers-to-marge-simpson.yaml
04_allow-from-bouviers-to-marge-simpson.yaml
 
 
04_allow-from-bouviers-to-marge.yaml
04_allow-from-bouviers-to-marge.yaml
 
 
05_allow-from-burns-simpson.png
05_allow-from-burns-simpson.png
 
 
05_allow-from-burns-simpson.yaml
05_allow-from-burns-simpson.yaml
 
 
05_allow-from-burns.yaml
05_allow-from-burns.yaml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
console-samples.yaml
console-samples.yaml
 
 
demo-overview-v2.png
demo-overview-v2.png
 
 
ocp-console.png
ocp-console.png
 
 
run-tmux.sh
run-tmux.sh
 
 
tmux-example.png
tmux-example.png
 
 

Repository files navigation

title linktitle weight description tags
Network Policy Demo
Network Policy Demo
16100
Generall Network Policy Demo based on Simpsons
demo
lab
netpol
NetworkPolicy
network

Network Policy Demo

Official documentation: About network policy

I presented this demo at the Next Generation Datacenter webinar, here the recording (in German)

<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/n3cq7Ql0VSk" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

Environment

demo overview

Deploy Environment

=== "OC"

```
oc apply -k https://github.com/openshift-examples/network-policy-demo.git/deployment/
```

Optional: Deploy OpenShift Console samples

      OpenShift Console{ width="640" }

=== "OC"

```
oc apply -f {{ page.canonical_url }}console-samples.yaml
```

=== "console-samples.yaml"

```yaml
--8<-- "content/networking/network-policy/network-policy-demo/console-samples.yaml"
```

Start Monitor

Option 1) Local tmux script

curl -L -O {{ page.canonical_url }}run-tmux.sh

# Get OpenShift Wildcard domain:
WILDCARD_DOMAIN=$( oc get ingresscontroller/default -n openshift-ingress-operator -o jsonpath="{.status.domain}" )


# Start tmux
sh run-tmux.sh $WILDCARD_DOMAIN

      tmux{ width="640" }

Option 2) via Pod

=== "OC"

```
oc apply -k https://github.com/openshift-examples/network-policy-demo.git/deployment/monitor/
```

Watch logs:

oc logs --tail=1 -f deployment/monitor -n network-policy-demo-monitor

Step 1) Default deny

=== "OC"

```
oc apply -f {{ page.canonical_url }}01_default-deny-simpson.yaml
```

=== "01_default-deny-simpson.yaml"

```yaml
--8<-- "content/networking/network-policy/network-policy-demo/01_default-deny-simpson.yaml"
```

      01_default-deny-simpson.png{ width="640" }

Step 2) Allow ingress

=== "OC"

```
oc apply -f {{ page.canonical_url }}02_allow-from-openshift-ingress-simpson.yaml
```

=== "02_allow-from-openshift-ingress-simpson.yaml"

```yaml
--8<-- "content/networking/network-policy/network-policy-demo/02_allow-from-openshift-ingress-simpson.yaml"
```

      02_allow-from-openshift-ingress-simpson.png{ width="640" }

Step 3) Allow ingress

=== "OC"

```
oc apply -f {{ page.canonical_url }}03_allow-same-namespace-simpson.yaml
```

=== "03_allow-same-namespace-simpson.yaml"

```yaml
--8<-- "content/networking/network-policy/network-policy-demo/03_allow-same-namespace-simpson.yaml"
```

      03_allow-same-namespace-simpson.png{ width="640" }

Step 4) Allow from Bouviers to Marge Simpson

=== "OC"

```
oc apply -f {{ page.canonical_url }}04_allow-from-bouviers-to-marge-simpson.yaml
```

=== "04_allow-from-bouviers-to-marge-simpson.yaml"

```yaml
--8<-- "content/networking/network-policy/network-policy-demo/04_allow-from-bouviers-to-marge-simpson.yaml"
```

      04_allow-from-bouviers-to-marge-simpson.png{ width="640" }

Step 5) Allow from Burns to Simpson

=== "OC"

```
oc apply -f {{ page.canonical_url }}05_allow-from-burns-simpson.yaml
```

=== "05_allow-from-burns-simpson.yaml"

```yaml
--8<-- "content/networking/network-policy/network-policy-demo/05_allow-from-burns-simpson.yaml"
```

      05_allow-from-burns-simpson.png{ width="640" }

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages