< Previous Challenge - Home - Next Challenge >
Have you ever wondered how to restrict traffic between applications? In challenge 6 we will be creating a network policy that does exactly that! It is time to apply some security hardening and restrict communication to our API.
In this challenge, we will be deploying two network policies that will restrict traffic between pods in our ARO cluster. Network policies can be deployed by using either the ARO Web Console or the OpenShift CLI.
- NOTE: Make sure you are in Administrator mode when configuring the cluster's network policies!
- Configure a network policy called
deny-allthat denies all traffic by default using a YAML file you create- To confirm the network policy is in effect, go the the application's homepage and the website should be broken
- Configure a network policy called
allow-rating-webthat will allow traffic to rating-web from all pods using a YAML file you create- To confirm the network policy is in effect, go to the application's homepage and the website should be working now. Submit ratings is still broken.
- Configure a network policy called
allow-rating-apithat will allow traffic to rating-api from rating-web using a YAML file you create- To confirm the network policy is in effect, go the the application's homepage and you should be able to submit and see ratings
To complete this challenge successfully, you should be able to:
- Have demonstrated that your
deny-allnetwork policy blocked all traffic - Demonstrate that your
allow-rating-webnetwork policy allows traffic - Demonstrate that your
allow-rating-apinetwork policy allows traffic between the backend and frontend application