https://github.com/cmwylie19/automated-gke-cilium-networkpolicy-demo
Quickly provision and tear down a GKE cluster with Cilium enabled for working with Network Policy.
- Host: GitHub
- URL: https://github.com/cmwylie19/automated-gke-cilium-networkpolicy-demo
- Owner: cmwylie19
- Created: 2022-01-01T18:01:15.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2022-01-01T18:01:44.000Z (almost 4 years ago)
- Last Synced: 2025-01-23T01:41:33.790Z (9 months ago)
- Topics: ansible, cilium, gke, networkpolicy
- Language: Go
- Homepage:
- Size: 3.91 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
# Automated GKE Network Policy Demo
Before running the automation, make sure the variables in `env-automation/group_vars/all.yaml` are set correctly. The `all.yaml` file explains the variables, and `env-automation/README.md` explains the ones that relate to the GKE cluster.

## Prerequisites
- Install [ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
- Install kubernetes module: `ansible-galaxy collection install kubernetes.core`
- Install [helm](https://helm.sh/docs/intro/install/)
- Install [kubectl](https://kubernetes.io/docs/tasks/tools/)
- Have a [GKE Project](https://cloud.google.com/kubernetes-engine/docs/quickstart)
- Modify the `env-automation/group_vars/all.yaml` file.

## Spin up GKE Cluster
This will spin up a GKE cluster with Cilium installed on the nodes.
```
ansible-playbook spin-up-env.yaml
```

## Tear down GKE Clusters
This will tear down the cluster.
```
ansible-playbook tear-down-env.yaml
```

## Network Policy Demo
Create two nginx pods, `n1` and `n2`.
```
kubectl run n1 --image=nginx
kubectl run n2 --image=nginx
```
Verify that `n1` can connect to `n2`.
```
kubectl exec -it n1 -- curl --connect-timeout 3 $(kubectl get pod n2 -ojsonpath="{.status.podIP}")
```
**output**
```
Welcome to nginx!
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
```
Create a deny all network policy
```
kubectl apply -f -<
Welcome to nginx!
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
```
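The deny-all step and the `curl --connect-timeout 3` check above, as an added example that is not the repository's own code: it builds a default-deny policy and turns the curl exit status into a verdict, so a dropped connection (timeout) is distinguished from a reachable pod. The policy name `default-deny-all`, the `default` namespace, denying both Ingress and Egress, and the function names are assumptions.

```shell
# Added example (not from the repository); names below are assumptions.

# Print a NetworkPolicy that selects every pod in the namespace and lists
# both policy types with no allow rules, so all ingress and egress is denied.
deny_all_manifest() {
  local ns="${1:-default}"
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: ${ns}
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
EOF
}

# Map the exit status of `curl --connect-timeout 3` to a verdict.
#  0 = page served; 28 = curl timed out (packets silently dropped);
#  7 = connection refused (pod reachable, so policy is not dropping).
classify_curl_rc() {
  case "$1" in
    0)  echo allowed ;;
    28) echo blocked ;;
    7)  echo refused ;;
    *)  echo "error:$1" ;;
  esac
}

# Run the page's connectivity test from pod $1 to pod $2 and print the verdict.
# kubectl exec returns the exit status of the command run in the container.
probe() {
  local ip rc=0
  ip="$(kubectl get pod "$2" -o jsonpath='{.status.podIP}')" || return 2
  kubectl exec "$1" -- curl -s -o /dev/null --connect-timeout 3 "$ip" || rc=$?
  classify_curl_rc "$rc"
}

# Apply the policy, then succeed only if n1 -> n2 is now blocked.
enforce_and_verify() {
  deny_all_manifest "${1:-default}" | kubectl apply -f - || return 1
  [ "$(probe n1 n2)" = "blocked" ]
}
```

Run `probe n1 n2` before applying the policy to confirm the baseline is `allowed`, then `enforce_and_verify` once `n1` and `n2` are running.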
## Cleanup Network Policy Demo
```
kubectl delete pod n1 --force --grace-period=0
kubectl delete pod n2 --force --grace-period=0
kubectl delete netpol --all
```