Controlling network traffic is typically best handled as close to the metal as possible, via route control, egress firewall and network security groups. However, there is a lot of benefit to further tuning your traffic control and implementing micro-segmentation within your Kubernetes cluster.
Make sure the following are complete before setting up network policies.
- Cluster is provisioned and accessible via 'kubectl'
- Cluster was provisioned with Calico network policy, as per the cluster creation requirements
- App Deployment is complete

The network policies should meet these requirements:
- The reddog namespace should deny all ingress traffic by default
- The reddog namespace should allow ingress traffic only from the ingress controller namespace and itself

Tasks:
- Verify that Calico is installed
- Create the ingress network policy
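
The two requirements for the reddog namespace, written as standard Kubernetes NetworkPolicy manifests that Calico enforces. This is an added example, not the workshop's own solution; the policy names and the ingress controller namespace name (`ingress-nginx`) are assumptions, since the page does not name that namespace.

```yaml
# Added example: policy names and the ingress controller namespace are assumptions.
# Policy 1: default deny of all ingress into the reddog namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress            # hypothetical name
  namespace: reddog
spec:
  podSelector: {}                       # empty selector = every pod in reddog
  policyTypes:
    - Ingress                           # Ingress listed with no rules = deny all ingress
---
# Policy 2: allow ingress only from the ingress controller namespace and from reddog itself.
# NetworkPolicies are additive, so this opens exactly these two sources on top of policy 1.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-controller-and-self   # hypothetical name
  namespace: reddog
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Separate list items under "from" are ORed. Putting namespaceSelector
        # and podSelector in the SAME item would require both to match instead.
        - namespaceSelector:
            matchLabels:
              # kubernetes.io/metadata.name is set automatically on every
              # namespace (Kubernetes 1.21+). The value is an assumed name:
              # substitute the namespace your ingress controller runs in.
              kubernetes.io/metadata.name: ingress-nginx
        - podSelector: {}               # any pod in the same namespace (reddog)
```

After applying the manifests, `kubectl get networkpolicy -n reddog` should list both policies. Egress is left untouched because neither policy lists `Egress` under `policyTypes`.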
Useful links: