aroworkshop/_entries/02-06 networkpolicy.md


---
sectionid: networkpolicy
sectionclass: h2
title: Create Network Policy
parent-id: lab-ratingapp
---

Now that you have the application working, it is time to apply some security hardening. You'll use network policies to restrict communication to the rating-api.

Switch to the Cluster Console

{% collapsible %}

Switch to the Administrator console.

Make sure you're in the workshop project, expand Networking and click Create Network Policy.

{% endcollapsible %}

Create network policy

{% collapsible %}

You will create a policy that applies to any pod matching the app=rating-api label. The policy will allow ingress only from pods matching the app=rating-web label.

Use the YAML below in the editor, and make sure you're targeting the workshop project.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-from-web
  namespace: workshop
spec:
  podSelector:
    matchLabels:
      app: rating-api
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: rating-web
```

Click Create.

{% endcollapsible %}
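To reason about what the policy above does and does not block, here is a small model of Kubernetes NetworkPolicy ingress evaluation. It is an added example, not part of the workshop's own code. It handles `matchLabels` pod selectors only and ignores `policyTypes` and ports; the sample pods, the `app: debug` label and the `other-project` namespace are constructed for illustration.

```python
# Added example: minimal model of NetworkPolicy ingress evaluation (matchLabels only).
POLICY = {
    "metadata": {"name": "api-allow-from-web", "namespace": "workshop"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "rating-api"}},
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "rating-web"}}}]}],
    },
}

# Constructed sample pods (namespace and label values other than the page's are hypothetical).
WEB = {"namespace": "workshop", "labels": {"app": "rating-web"}}
API = {"namespace": "workshop", "labels": {"app": "rating-api"}}
DEBUG = {"namespace": "workshop", "labels": {"app": "debug"}}
OUTSIDE_WEB = {"namespace": "other-project", "labels": {"app": "rating-web"}}

def matches(selector, labels):
    """An empty selector matches every pod; matchLabels entries are ANDed."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def selects(policy, pod):
    """A policy applies only to pods in its own namespace that match spec.podSelector."""
    return (pod["namespace"] == policy["metadata"]["namespace"]
            and matches(policy["spec"]["podSelector"], pod["labels"]))

def peer_allows(policy, peer, src):
    """A bare podSelector peer matches only pods in the policy's own namespace."""
    if "namespaceSelector" in peer or "ipBlock" in peer:
        raise NotImplementedError("this sketch handles podSelector peers only")
    return (src["namespace"] == policy["metadata"]["namespace"]
            and matches(peer["podSelector"], src["labels"]))

def ingress_allowed(policies, src, dst):
    """Policies are additive: traffic passes if any policy selecting dst allows src.
    A pod selected by no policy is not isolated and accepts all ingress."""
    selecting = [p for p in policies if selects(p, dst)]
    if not selecting:
        return True
    for p in selecting:
        for rule in p["spec"].get("ingress", []):
            peers = rule.get("from")
            # A rule with no "from" list allows every source.
            if not peers or any(peer_allows(p, peer, src) for peer in peers):
                return True
    return False
```

The model shows two properties of this policy worth checking on a real cluster: a pod labelled `app=rating-web` in a different project is still denied, because the peer has no `namespaceSelector`, and pods other than `rating-api` stay unisolated until a policy selects them.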

Resources