• I assume you all already know how to launch EC2 instances in AWS; otherwise I will direct you to ⇒ How to launch ec2_instances_in_AWS
  • While launching the EC2 instances, use my default AMI, which contains a pre-built setup of Docker, Kubelet and Kubeadm plus some configuration required before administering the nodes as a Master or Worker Node; or you can refer to one of my previous write-ups on it ⇒ Setup_Multi_nodes_in_Kubernetes && Official Documentation
AWS screenshot launching AMI
  • After launching, you can see that my instances have started:
instances ready
  • For ease of access at the command line, I will log in to the EC2 instances from my local machine with ssh 😁
  • sudo kubeadm init phase certs all
  • sudo kubeadm init phase kubeconfig all
  • sudo kubeadm init phase control-plane all --pod-network-cidr 10.244.0.0/16
  • sudo kubeadm init --skip-phases=certs,kubeconfig,control-plane --ignore-preflight-errors=all --pod-network-cidr 10.244.0.0/16
  • And at the end of the last command above you will see the following output:
  • The previous output shows that our Kubernetes control plane has been initialized successfully, so now we will start using the cluster:
  • First log in to it with ssh and join it to the Master as:
  • Same thing with the Worker Node2 as:
  • Running “kubectl get nodes” at the Master Node shows that both nodes have joined:
  • To set up Network Policy in k8s, I will use an overlay network, so I have to install a network plugin called “weave” at the Master Node to be able to enforce Network Policy.
  • Why the Weave plugin? Because it has the best capability in the market to allow us to enforce network security policy in Kubernetes.
  • So let’s go and install the Weave plugin on our Master Node using:
  • kubectl create deployment myd --image=tcdocker2021/ubuntu-nginx-server:v2 --replicas=3 => launches a deployment containing 3 copies of a pod running my ubuntu-nginx-server.
  • After that you have to expose your deployment to allow inbound connections to it, like: kubectl expose deploy myd --port=80 --type=NodePort
  • kubectl get svc => to verify that your deployment has actually been exposed
  • Typing the public IP of your Master Node and the port opened by your exposed deployment into your browser will confirm the work done:
web page of server inside the pod
  • kubectl get networkpolicy => shows that we don’t yet have a network policy, so let’s create one.
  • To create a network policy we have to create a resource for it, meaning a YAML config file:
  1. Apply a NetworkPolicy to allow all incoming traffic to all pods:
Result: refresh your web browser, and you will see that accessing the web page of our deploy is allowed.
The code running in the networkPolicy file:
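As an added example (this is not the author's own networkPolicy file, which is not reproduced here), the following shows what an allow-all-ingress policy for step 1 looks like, placed beside the default-deny policy and a port-80-only policy for the myd pods that a practitioner would apply afterwards to see the enforcement difference. Assumptions: the default namespace is used, the label app=myd is the one `kubectl create deployment myd` assigns, and role=frontend is a constructed label.

```yaml
# Added example, not the author's file. Namespace "default" is an assumption.
# 1) Step 1 of the write-up: allow all incoming traffic to all pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-ingress
  namespace: default
spec:
  podSelector: {}       # empty selector = every pod in the namespace
  policyTypes:
    - Ingress
  ingress:
    - {}                # a single empty rule = allow from anywhere
---
# 2) Default deny: selects every pod but lists no ingress rules,
#    so once this is applied (and 1 is deleted) nothing can reach the pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: default
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# 3) Re-open only TCP/80 on the myd pods (label app=myd is what
#    "kubectl create deployment myd" sets) and only from pods carrying the
#    constructed label role=frontend. Policies are additive with 2).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-to-myd
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: myd
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend
      ports:
        - protocol: TCP
          port: 80
```

Apply each document with `kubectl apply -f` and check `kubectl get networkpolicy` between steps: with 1) in place the NodePort page still loads in the browser, after swapping it for 2) the request is dropped, and 3) only admits traffic from labelled pods, so the browser test from outside the cluster is expected to stay blocked.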
Edmond Tchamie

3rd Year CSE Student, Technology Passionate(Docker, AWS, K8s,Rhel Linux,...), Aspiring Security Expert😁