Deploying Network Policies Demo

The course is part of these learning paths:

  • AZ-303 Exam Preparation: Technologies for Microsoft Azure Architects
  • AZ-400 Exam Prep: Microsoft Azure DevOps Solutions
  • AZ-104 Exam Preparation: Microsoft Azure Administrator
Overview

  • Difficulty: Intermediate
  • Duration: 1h 42m
  • Students: 893
  • Rating: 3.7/5

Description

AKS is a super-charged Kubernetes managed service which makes creating and running a Kubernetes cluster a breeze!

This course explores AKS, Azure’s managed Kubernetes service, covering the fundamentals of the service and how it can be used. You’ll first learn how, as a managed service, it takes care of managing and maintaining certain aspects of itself, before moving on to the core AKS concepts such as cluster design and provisioning, networking, storage management, scaling, and security. After a quick look at Azure Container Registry, the course then moves on to an end-to-end demonstration that shows how to provision a new AKS cluster and then deploy a sample cloud-native application into it.

For any feedback, queries, or suggestions relating to this course, please contact us at support@cloudacademy.com.

Learning Objectives

  • Learn about what AKS is and how to provision, configure and maintain an AKS cluster
  • Learn about AKS fundamentals and core concepts
  • Learn how to work with and configure many of the key AKS cluster configuration settings
  • And finally, you’ll learn how to deploy a fully working sample cloud-native application into an AKS cluster

Intended Audience

  • Anyone interested in learning about AKS and its fundamentals
  • Software Engineers interested in learning about how to configure and deploy workloads into an AKS cluster
  • DevOps and SRE practitioners interested in understanding how to manage and maintain an AKS cluster

Prerequisites

To get the most from this course it would help to have a basic understanding of:

  • Kubernetes (if you’re unfamiliar with Kubernetes, and/or require a refresher then please consider taking our dedicated Introduction to Kubernetes learning path)
  • Containers, containerization, and microservice-based architectures
  • Software development and the software development life cycle
  • Networks and networking

Resources

If you wish to follow along with the demonstrations in part two of this course, you can find all of the coding assets hosted in the following three GitHub repositories:

Transcript

Okay, Step 9. I'm gonna start installing network policies to control pod-to-pod traffic within our cluster, particularly within the cloudacademy namespace. So I'll copy the first deny all policy under Step 9.1.

Now, what we should find is that once this default deny all policy has been deployed, the application should break because all pod-to-pod traffic within the cloudacademy namespace will be denied. Therefore, if I run the following curl command I would expect this to fail with some sort of timeout. And indeed it has, we've got a 504 gateway timeout, which is probably the expected response from the NGINX controller because it cannot send a request downstream and get a valid response back. So let's move on and fix this.

So Step 9.2, I'll deploy the following network policy which is required to allow the Mongo pods to talk within themselves for database replication. Okay, that's been deployed.

Step 9.3, this network policy will allow the API pods to talk to the MongoDB pods, and we need that because the API needs to read and write to the database. So that's been created.

Step 9.4. We need to allow the ingress pods to talk to the API pods. Okay, that has been created.

Step 9.5, we need to allow the ingress pods to talk to the frontend pods. That's been created. And then the last network policy, under Step 9.6, we need to deploy to allow the pods within the cloudacademy namespace to perform DNS resolution against the cluster's DNS pods within the kube-system namespace. So we'll deploy that. And everything is in place now.

So what we have now is we have our default deny all policy together with a number of other network policies that allow just the right pod traffic within our setup. So if I go back to our instructions and run the Step 10 command the curl command should now work again. Which it does, so this is really, really good.

So finally, if I jump back into the browser and I do a reload, and as expected, the frontend reloads and everything is working. So, again, we can make some more votes. And let's go with five for JavaScript. And then I'll run the final command under Step 10 to again confirm that the right records within the database have been updated.

So scrolling up, we can see under javascript that we've got five votes and that we've got two votes each for python and csharp. So that's a great result, everything is working, and we've completed the deployment. So don't forget if you're running this in your own AKS cluster and you've come to the end and you don't need it anymore, please do remove that AKS cluster because you will be billed if it remains there.
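The transcript starts from a default deny and then opens only the paths the application needs. The manifests below are an added example of three of those steps (default deny, Mongo replication, DNS), not the course's own files: the policy names, the `app: mongo` label, port 27017 and the `k8s-app: kube-dns` selector are assumptions, and `kubernetes.io/metadata.name` is the namespace label Kubernetes sets automatically from version 1.21.

```yaml
# Added example; the app=mongo label and port 27017 are assumptions.
# Like Step 9.1: select every pod, list both directions, allow nothing.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny-all, namespace: cloudacademy}
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# Like Step 9.2: Mongo pods talk to each other. Source and destination are the
# same pod set, so one policy carries both the ingress and the egress rule.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: allow-mongo-replication, namespace: cloudacademy}
spec:
  podSelector:
    matchLabels: {app: mongo}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector:
            matchLabels: {app: mongo}
      ports:
        - {protocol: TCP, port: 27017}
  egress:
    - to:
        - podSelector:
            matchLabels: {app: mongo}
      ports:
        - {protocol: TCP, port: 27017}
---
# Like Step 9.6: every pod in the namespace may query cluster DNS in kube-system.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: allow-dns-egress, namespace: cloudacademy}
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels: {kubernetes.io/metadata.name: kube-system}
          podSelector:
            matchLabels: {k8s-app: kube-dns}
      ports:
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
```

NetworkPolicy objects are enforced only when the cluster runs a network plugin that implements them; without one they are accepted by the API server and have no effect. Because the default deny covers egress as well as ingress, each allowed path between two different pod sets needs a rule on both the sending and the receiving side.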

About the Author
  • Students: 36060
  • Labs: 33
  • Courses: 93
  • Learning paths: 23

Jeremy is the DevOps Content Lead at Cloud Academy where he specializes in developing technical training documentation for DevOps.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 20+ years. In recent times, Jeremy has been focused on DevOps, Cloud, Security, and Machine Learning.

Jeremy holds professional certifications for both the AWS and GCP cloud platforms.