Deploy Application
We will deploy a microservices application, then demonstrates how to use Calico application layer policy to mitigate some common threats.
Install the demo application
We will use a simple microservice application to demonstrate Calico application layer policy. The YAO Bank application creates a customer-facing web application, a microservice that serves up account summaries.
https://docs.projectcalico.org/security/tutorials/app-layer-policy/manifests/10-yaobank.yaml
Step1: Deploy the Application
Step2: Verify that the application pods have been created and are ready.
Step3: Identify the Services running
Step4: Login to the Customer Pod and Check the Access Database.
Note: Replace the podname with your own pod
or
Use the K9s to login to Customer Pod
Step5: Notice that from here, we get direct access to the backend database. For example, we can list all the entries in the database like this:
Apply the Network Policies
The above policy will protect the database being access by Customer Application, Rather allowed from Summary.
Step6: Login to the Customer Pod and Check the Access Database.
Note: Replace the podname with your own pod
or
Use the K9s to login to Customer Pod
Step7: Check the DB Access
Step7: Exit from Customer Pod
Step8: Login to the Summary Pod and Check the Access Database.
Note: Replace the podname with your own pod
or
Use the K9s to login to Summary Pod
Step7: Check the DB Access
Now it should not work.
Step7: Exit from Customer Pod
Delete the Policy
Now Delete the Policy and Check.
Last updated