hands-on lab

Create Kubernetes Layer-7 Network Policies using Cilium CNI

Beginner
1h 30m
Lab description

If you're building and deploying cloud-native applications and microservices, then Kubernetes is the must-have platform. Kubernetes provides superior container-orchestration, deployment, scaling, and management. When it comes to securing application traffic within Kubernetes, consider using Network Policies.

The Network Policy resource can be implemented and deployed to enforce layer-3 segmentation of inter-pod network traffic. Network Policies with layer-7 rulesets are also possible, but they require a custom CNI implementation, such as the one provided by Cilium.

This lab is designed to show you how to install and set up Kubernetes layer-7 Network Policies using Cilium. You will be walked through the process of deploying a sample Star Wars-themed API. You'll then learn how to secure inbound application traffic to the API by creating and deploying a layer-7 network policy.

Lab Objectives

Upon completion of this lab, you will be able to:

  • Install and set up the Cilium CNI
  • Deploy a ready-made Star Wars-themed API into a Kubernetes cluster
  • Create and deploy a layer-7 Network Policy
  • Test and validate the layer-7 Network Policy rules

You should:

  • Be comfortable with basic Linux command line administration
  • Be comfortable with basic Kubernetes cluster administration

Lab Environment

This lab will start with the following AWS resources provisioned automatically for you:

  • A single EC2 instance, named k8s.cluster.cloudacademy.platform.instance, which will have a public IP address attached. This will be the instance that you will connect to using your local workstation browser.

To achieve the lab end state, you will be walked through the process of:

  • Using your local workstation browser to remotely connect to k8s.cluster.cloudacademy.platform.instance
  • Installing and setting up the Cilium CNI
  • Deploying a ready-made Star Wars-themed API into a Kubernetes cluster
  • Creating and deploying a layer-7 Network Policy to secure the API
  • Testing and validating the layer-7 Network Policy rules, and confirming that the API is secured for certain types of HTTP traffic

Updates

20th August, 2020 - Fixed an issue preventing network policy from working

11th August, 2020 - Fixed an issue preventing Kubernetes from starting

About the author
Jeremy Cook
Content Lead Architect

Jeremy is a Content Lead Architect and DevOps SME at Cloud Academy, where he specializes in developing DevOps technical training documentation.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, Azure, GCP), Security, Kubernetes, and Machine Learning.

Jeremy holds professional certifications for AWS, Azure, GCP, Terraform, and Kubernetes (CKA, CKAD, CKS).

Lab steps

  • Logging In to the Amazon Web Services Console
  • Connecting to the CloudAcademy Web based K8s IDE
  • Install Cilium CNI
  • Deploy API Pods
  • Test API Before Layer-7 Network Policy is Deployed
  • Secure API with Layer-7 Network Policy
  • Test API After Layer-7 Network Policy is Deployed