Isovalent Enterprise for Cilium: Network Policies
Achieving zero-trust network connectivity via Kubernetes Network Policy is complex because modern applications have many service dependencies (downstream APIs, databases, authentication services, etc.). With the “default deny” model, any traffic that is not explicitly allowed is dropped, so a missed dependency leads to a broken application. Moreover, the YAML syntax of Network Policy is often difficult for newcomers to understand. This makes it challenging both to write policies and to understand how they will behave once deployed.
Enter Isovalent Enterprise for Cilium: it provides tooling to simplify and automate the creation of Network Policy based on labels and DNS-aware data from Cilium Hubble. APIs enable integration into CI/CD workflows, while visualizations help teams understand the expected behavior of a given policy. Collectively, these capabilities dramatically lower the barrier to creating Network Policies and reduce the ongoing overhead of maintaining them as applications evolve.
In this hands-on demo, we will walk through some of those challenges and their solutions.
Main steps in the lab
Let's deploy the demo app! What are the default connection policies? Where can we connect to?
Let's check out the visual representation of the policies
We created a new policy - let's test it! We can even see the connection drops!
So... how do we update an existing policy to take the connection drops into account?