Online-Boutique/kustomize/components/network-policies/README.md
Subodh dafcd9777f
Initial commit
2026-02-04 20:47:56 +05:30

Secure Online Boutique with Network Policies

You can use NetworkPolicy enforcement to control the communication between your cluster's Pods and Services.

To use NetworkPolicies in Google Kubernetes Engine (GKE), you will need a GKE cluster with network policy enforcement enabled; the recommended approach is to use GKE Dataplane V2.

To use NetworkPolicies on a local cluster such as minikube, you will need to use an alternative CNI that supports NetworkPolicies, like Calico. To run a minikube cluster with Calico, run minikube start --cni=calico. By design, the minikube default CNI, Kindnet, does not support NetworkPolicies.

Deploy Online Boutique with NetworkPolicies via Kustomize

To automate the deployment of Online Boutique integrated with fine-grained NetworkPolicies (one per Deployment), you can leverage the following variation with Kustomize.

From the kustomize/ folder at the root level of this repository, execute this command:

kustomize edit add component components/network-policies

This updates the kustomize/kustomization.yaml file, which could then look similar to:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- base
components:
- components/network-policies

To render these manifests locally, run kubectl kustomize . (note the trailing dot, which refers to the current folder); to deploy them, run kubectl apply -k . from the same folder.

Once deployed, you can verify that the NetworkPolicies are successfully deployed:

kubectl get networkpolicy

The output could be similar to:

NAME                    POD-SELECTOR                AGE
adservice               app=adservice               2m58s
cartservice             app=cartservice             2m58s
checkoutservice         app=checkoutservice         2m58s
currencyservice         app=currencyservice         2m58s
deny-all                <none>                      2m58s
emailservice            app=emailservice            2m58s
frontend                app=frontend                2m58s
loadgenerator           app=loadgenerator           2m58s
paymentservice          app=paymentservice          2m58s
productcatalogservice   app=productcatalogservice   2m58s
recommendationservice   app=recommendationservice   2m58s
redis-cart              app=redis-cart              2m58s
shippingservice         app=shippingservice         2m58s

Note: Egress is wide open in these NetworkPolicies. In our case, we do this on purpose because there are multiple egress destinations to take into consideration, like the Kubernetes DNS, Istio control plane (istiod), Cloud Trace API, Cloud Profiler API, etc.
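
To go one step beyond the name listing above, the following added example (not part of this repository) audits the JSON from kubectl get networkpolicy -o json and reports which policy is the default deny and which policies leave egress or ingress unrestricted, as the note above describes. The sample input is constructed: the rule contents, the port and the demo-open-ingress policy are assumptions.

```python
import json

# Constructed sample shaped like `kubectl get networkpolicy -o json` output.
# Rule contents are assumptions; "demo-open-ingress" is a hypothetical policy.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "deny-all"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
 {"metadata": {"name": "cartservice"},
  "spec": {"podSelector": {"matchLabels": {"app": "cartservice"}},
           "policyTypes": ["Ingress", "Egress"],
           "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                        "ports": [{"port": 7070, "protocol": "TCP"}]}],
           "egress": [{}]}},
 {"metadata": {"name": "demo-open-ingress"},
  "spec": {"podSelector": {"matchLabels": {"app": "demo"}},
           "ingress": [{}]}}
]}
""")

def selects_all_pods(spec):
    sel = spec.get("podSelector") or {}
    return not sel.get("matchLabels") and not sel.get("matchExpressions")

def unrestricted(rule, peer_key):
    # No peers means any peer; no ports means any port.
    return not rule.get(peer_key) and not rule.get("ports")

def audit(policy_list):
    report = {"default_deny": [], "open_egress": [], "open_ingress": []}
    for item in policy_list.get("items", []):
        name, spec = item["metadata"]["name"], item.get("spec") or {}
        ingress, egress = spec.get("ingress") or [], spec.get("egress") or []
        # API default: Ingress always applies; Egress only if egress rules exist.
        types = spec.get("policyTypes") or ["Ingress"] + (["Egress"] if egress else [])
        if selects_all_pods(spec) and set(types) == {"Ingress", "Egress"} \
                and not ingress and not egress:
            report["default_deny"].append(name)
        if "Egress" in types and any(unrestricted(r, "to") for r in egress):
            report["open_egress"].append(name)
        if "Ingress" in types and any(unrestricted(r, "from") for r in ingress):
            report["open_ingress"].append(name)
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

An empty default_deny list or any entry in open_ingress is worth reviewing; entries in open_egress are expected here given the note above.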