Testing Kubernetes network policy in AKS Cluster with Calico

• Demos how the network policy can be enforced to deployment pods
• Blocks outbound communication.
• Uses Calico
• Currently this repo include same for windows container. Expecting this to work same for Linux containers as well.

How to run

• Create vNet and Subnet for AKS
• Replace values in the params file
• Navigate to commands folder
• Create cluster with calico enabled
• Manually add windows node pool as the above will be creating only Linux node pool
• Deploy the HELM chart

By default it will make http calls

Reproduce error

• Change the network-policy.yml to remove github IPs
• Deploy HELM chart again
• This will not restart the container. So better delete the pod.

How the PoC structured

• The container is running a command that makes web request to joymon.github.io
• It will work by default as the network-policy.yml has the required IPs in egress
  • Recommends reading the container specs for better understandability of the container going to behave
• Remove the last 4 ipBlocks from network-policy.yml file to ensure its blocking the network traffic.