- Deploy ACS to the cluster
- Create a new namespace to test the workloads
```sh
kubectl create ns test
```
- Create a server with a restrictive network policy (e.g. block all traffic), saved as server.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
---
# Selects the nginx pods and lists both policy types with no rules,
# so all ingress and egress for those pods is denied.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: deny-all
spec:
  podSelector:
    matchLabels:
      app: nginx
  policyTypes:
  - Ingress
  - Egress
```
```sh
kubectl -n test apply -f ./server.yaml
```
- Check the server's pod IP
```sh
kubectl -n test get pods -o wide
```
- Create another pod that tries to communicate with it directly.
```sh
kubectl -n test run my-netflow --rm -i --tty --image quay.io/rhacs-demo/netflow -- -connect <POD_IP>:8080
```
- Validate that the logs show an error message (not able to connect to server)
- Validate what is being shown in the Network Graph. There should be no edge between the two nodes.
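
Why the steps above should end in a failed connection: the following added example (not ACS or Kubernetes code, and not part of the original steps) evaluates NetworkPolicy isolation for a source and destination pod. It is a simplification that assumes same-namespace `podSelector` peers with `matchLabels` and numeric ports only; `DENY_ALL` is a constructed dict mirroring the policy in server.yaml, and the function names are hypothetical.

```python
# Added example: simplified NetworkPolicy evaluation (assumption: only
# same-namespace podSelector/matchLabels peers and numeric ports are modelled).
DENY_ALL = {  # constructed copy of the deny-all policy from server.yaml
    "metadata": {"name": "deny-all"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "nginx"}},
        "policyTypes": ["Ingress", "Egress"],
    },
}

def selects(selector, labels):
    """An empty selector matches every pod; otherwise all matchLabels must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def policy_types(spec):
    """Defaulting rule: Ingress always applies, Egress only if egress rules exist."""
    if "policyTypes" in spec:
        return spec["policyTypes"]
    return ["Ingress"] + (["Egress"] if "egress" in spec else [])

def rule_allows(rule, peer_key, peer_labels, port):
    """A rule with no peers or no ports places no restriction on that dimension."""
    peers, ports = rule.get(peer_key, []), rule.get("ports", [])
    peer_ok = not peers or any(
        "podSelector" in p and selects(p["podSelector"], peer_labels) for p in peers)
    port_ok = not ports or any(p.get("port") in (None, port) for p in ports)
    return peer_ok and port_ok

def direction_allowed(policies, direction, pod_labels, peer_labels, port):
    """direction is 'Ingress' (peer -> pod) or 'Egress' (pod -> peer)."""
    applying = [p["spec"] for p in policies
                if selects(p["spec"].get("podSelector", {}), pod_labels)
                and direction in policy_types(p["spec"])]
    if not applying:
        return True  # no policy selects the pod, so it is not isolated
    rules_key, peer_key = ("ingress", "from") if direction == "Ingress" else ("egress", "to")
    # Policies are additive: traffic passes if any rule of any applying policy allows it.
    return any(rule_allows(r, peer_key, peer_labels, port)
               for spec in applying for r in spec.get(rules_key, []))

def connection_allowed(policies, src_labels, dst_labels, port):
    """Traffic flows only if source egress and destination ingress both permit it."""
    return (direction_allowed(policies, "Egress", src_labels, dst_labels, port)
            and direction_allowed(policies, "Ingress", dst_labels, src_labels, port))
```

The policy is only enforced when the cluster's network plugin supports NetworkPolicy, so a successful connection in the test can also mean the policy is not being enforced at all.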