Network policies in Kubernetes using Calico

•

1 like•620 views

Suraj Narwade

Slides from the talk presented at kubernetes bangalore meetup

Software

Network policies in
Kubernetes using Calico
Suraj Narwade

$ whoami
● Works at Red Hat
● Contributes to Kompose, Kedge, Libcompose
● Plays with Kubernetes, OpenShift & Alexa
● Tweets at @red_suraj
● Code at @surajnarwade
● Write at http://suraj.pro
● One of the Event Host here :)

Disclaimer
/me is still newbie with Networking stuff :D
/me is not op guy but golang dev

What is Network Policy ?
A network policy is a specification of how groups of pods are allowed to
communicate with each other and other network endpoints.
(By default, if no policies exist in a namespace, then all ingress and egress traffic is allowed to and from pods in that
namespace.)

Network Policies
● These policies are firewall rules that specify permissible types of traffic to, from and between pods. If requested,
Kubernetes blocks all traffic that is not explicitly allowed.
● Policies are applied to groups of pods identified by common labels.

Who Provides Network Policies ?
● Calico
● Cilium
● Kube-router
● Romana
● Weave Net

Someone will ask, why not flannel ?
https://github.com/projectcalico/canal
https://thenewstack.io/project-calico-flannel-join-forces-policy-secured-networking/

Quick introduction to calico
● OpenSource
● Enables Networking of Workloads in Cloud Environment
● User need not to be networking expert
● Scale Thousand of workloads
● L3 level
● Containers, VMs, bare metal

Installation
kubectl apply -f
https://docs.projectcalico.org/v3.0/getting-started/kubernet
es/installation/hosted/calico.yaml

It will install...
● A ConfigMap which contains the Calico configuration.
● A DaemonSet which installs the calico/node pod and CNI plugin.
● A ReplicaSet which installs the calico/kube-policy-controller pod.
In kube-system namespace

Default deny
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny
spec:
podSelector: {}
policyTypes:
- Ingress

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: access-nginx
spec:
podSelector:
matchLabels:
app: nginx
ingress:
- from:
- podSelector:
matchLabels:
app: foo

You can use
● PodSelector
● NameSpaceSelector
● IP ranges with CIDR

Similar to Network policies in Kubernetes using Calico

Hyperledger fabric 3

Arvind Sridharan

In this hands-on workshop, we cover the basics of locking down in-cluster network traffic using the new traffic policies introduced in Linkerd 2.11. Using Linkerd’s ability to authorize traffic based on workload identity, we cover a variety of practical use cases, including restricting access to a critical service, preventing traffic across namespaces, and locking down traffic while still allowing metrics scrapes, health checks, and other meta-traffic.

Locking down your Kubernetes cluster with Linkerd

Buoyant

Whether you want to get started with Governance or improve your current process, this talk will show you how to improve your compliance by implementing policy-based CI/CD (Continuous Integration / Continuous Delivery) with GitLab CI and Open Policy Agent. Philippe and Nico will tell you all the details about Open Policy Agent and how you can easily integrate it into your existing CI/CD pipelines. Join our session to learn how to improve compliance, from gating your dependencies to controlling your infrastructure.

GitLab Commit: Enhance your Compliance with Policy-Based CI/CD

Nico Meisenzahl

K8s network policy bypass

Kaizhe Huang

Drools5 Community Training module 4 RETE Algorithm Introduction

Mauricio (Salaboy) Salatino

Distributed fun with etcd

Abdulaziz AlMalki

Watch this talk on YouTube here: https://youtu.be/vLNZA_2Na_s Whether you’re new to GitOps or a seasoned pro, this talk is for you! We'll start with the basics of how/where to get started, and then dive into one of the most asked GitOps questions: how to structure your repository! During this talk, Scott & Pinky will review the Core Concepts of Flux including Git Sources, Reconciliation, Helm Releases, Kustomization, and Bootstrapping, to get you ramped up with how to think with a GitOps mindset! Then they’ll dive into and discuss considerations for and demo ways of structuring your repositories: monorepo, repo per environment, repo per team, or repo per app. Resources: - Flux on GitHub: https://github.com/fluxcd/flux2 - Flux docs: https://fluxcd.io/docs - Core Concepts: https://fluxcd.io/docs/concepts/ - Sources: https://fluxcd.io/docs/components/source/ - Helm Releases: https://fluxcd.io/docs/guides/helmreleases/ - Kustomization: https://fluxcd.io/docs/components/kustomize/ Bootstrap: https://fluxcd.io/docs/installation/#bootstrap - Ways of Structuring Your Repos: https://fluxcd.io/docs/guides/repository-structure/ Speaker Bios: Priyanka “Pinky” Ravi is a Developer Experience Engineer at Weaveworks. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a software developer at a large insurance company where she was on the delivery engineering team working on GitOps enablement. She was instrumental in the multi-tenancy migration to utilize Flux for an internal Kubernetes offering. Outside of work, Priyanka enjoys hanging out with her husband and two rescue dogs as well as traveling around the globe. Scott is a Brooklyn based interdisciplinary artist and Developer Advocate at Weaveworks. He co-founded the Basekamp art and research group in 1998 and the massively collaborative Plausible Artworlds international network. In technology he enjoys helping develop open source software that anyone can use, most recently projects in the cloud native landscape including co-maintaining Helm and Flux. In daily decisions, large or small, he tries to help make the world a better place for everyone.

GitOps Core Concepts & Ways of Structuring Your Repos

Weaveworks

There is a flurry of activity on policy and intent in Software-defined Networks. The NIC project in OpenDaylight focuses on enabling the controller to manage and direct network services and network resources based on app-described “Intents”. The Intent based NBI allows for a descriptive way to get what is desired from the infrastructure, unlike the current SDN interfaces which are based on describing how to provide different services. The Network Intent Composition function will use existing OpenDaylight Network Service Functions and Southbound Plugins to control both virtual and physical network devices.

Network Intent Composition in OpenDaylight

OpenDaylight

ETC Summit 18

Igor Artamonov

Hands-on GitOps Patterns for Helm Users YouTube Recording: https://youtu.be/ljouUBPtnuI There are a lot of opinions on how to structure Flux 2 manifests the "GitOps Way." Flux maintainers have given specific examples of how to properly do this in the Flux user guides, demos, and example repos. But most of these focus on Kustomize, and not yet on patterns for users who want to only use Helm. In this session, Scott Rigby, Developer Experience Engineer at Weaveworks, shares current work towards GitOps patterns for those who want to only use Helm with Flux 2. We welcome your feedback about use-cases and challenges!

Hands-on GitOps Patterns for Helm Users

Weaveworks

fwd:cloudsec 2022: Shifting right with policy-as-code

Gabriel Schuyler

As the adoption of Kubernetes continues to grow, so does the need for securing containerized applications and their data. One effective security model that has gained popularity is Zero Trust Networking, which assumes that all resources, devices and users are untrusted, and access to resources is granted only after proper authentication and authorization. However, implementing Zero Trust Networking in Kubernetes can be challenging, given the dynamic nature of containerized workloads and the complexity of network policies. In this presentation, we will explore how to implement Zero Trust Networking in Kubernetes using Cilium, Hubble & Grafana. We will start by setting up Cilium on a Kubernetes cluster, which provides network security by enforcing identity-based access control policies using eBPF. Next, we will export Network Policy Verdict metrics using Hubble, which allows us to visualize network policies and track security events in real-time. Finally, we will use a Grafana dashboard to visualize these metrics and demonstrate how to secure a Kubernetes namespace without affecting existing traffic in the namespace. By the end of this presentation, attendees will have a good understanding of the importance of Zero Trust Networking in Kubernetes and how to implement it using Cilium, Hubble & Grafana. They will also learn how to secure a Kubernetes namespace and monitor network policies using a Grafana dashboard.

Cloud Native Bern 05.2023 — Zero Trust Visibility

Raphaël PINSON

Create your own Dapps Platform on your own blockchain for your users to create their own decentralized application without the worry of gas prices and changes in protocol or regulations with regards to ethereum. The Dapps is created on an Ethereum platform with a smart contract thereby ensuring an automated payment system. The blockchain ensures immutability, safety and security of the application.

Decentralized App Blockchain

Decentralized applications development

What is Blockchain?

CharanKawalSinghBhat

What is Blockchain

CharanKawalSinghBhat

How OpenShift SDN helps to automate

Ilkka Tengvall

Deploy 22 microservices from scratch in 30 mins with GitOps

Opsta

Kubernetes enables fully-automated, self-service management of large-scale, heterogenous deployments. These deployments are often managed by distributed engineering teams that have unique requirements for how the platform treats their workloads, but at the same time, they must conform to organization-wide constraints around cost, security, and performance. As Kubernetes matures, extensibility has become a critical feature that organizations can leverage to enforce their organization’s bespoke policies. In this talk, Torin explains how to use extensibility features in Kubernetes (e.g., External Admission Control) to enforce custom policies over workloads. The talk shows how to build custom admission controllers using Initializers and Webhooks, and shows how the same features lay the groundwork for policy-based control through integration with third party policy engines like the Open Policy Agent project.

Enforcing Bespoke Policies in Kubernetes

Torin Sandall

NATS Connector Framework - Boulder Meetup

Apcera

I've seen a lot of NodeJs applications. I see a lot of misunderstandings around architectural patterns. 99% of NodeJS tutorials do not cover this topic and limited to "hello world" apps. How to build a really large application? How to think about architectural layers? What is wrong with the majority of JS frameworks? How does GraphQL influence my architecture? I will answer all of these questions.

"The working architecture of NodeJs applications" Viktor Turskyi

Julia Cherniak

Similar to Network policies in Kubernetes using Calico (20)

Hyperledger fabric 3

Locking down your Kubernetes cluster with Linkerd

GitLab Commit: Enhance your Compliance with Policy-Based CI/CD

K8s network policy bypass

Drools5 Community Training module 4 RETE Algorithm Introduction

Distributed fun with etcd

GitOps Core Concepts & Ways of Structuring Your Repos

Network Intent Composition in OpenDaylight

ETC Summit 18

Hands-on GitOps Patterns for Helm Users

fwd:cloudsec 2022: Shifting right with policy-as-code

Cloud Native Bern 05.2023 — Zero Trust Visibility

Decentralized App Blockchain

What is Blockchain?

What is Blockchain

How OpenShift SDN helps to automate

Deploy 22 microservices from scratch in 30 mins with GitOps

Enforcing Bespoke Policies in Kubernetes

NATS Connector Framework - Boulder Meetup

"The working architecture of NodeJs applications" Viktor Turskyi

Recently uploaded

Looking to embark on a digital project in New York City? Choosing the ideal Laravel development partner is pivotal. Begin by defining your project requirements clearly. Assess potential partners' experience, expertise, and technical proficiency, checking portfolios and client testimonials. Effective communication and collaboration are paramount, so evaluate partners' communication styles and project management approaches. Consider long-term scalability and support options, and discuss pricing and contracts transparently. Lastly, trust your instincts when selecting a partner aligned with your vision and values.

How to Choose the Right Laravel Development Partner in New York City_compress...

software pro Development

8257 interfacing 2 in microprocessor for btech students

HimanshiGarg82

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

ThousandEyes

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Software Quality Assurance Interview Questions

Arshad QA

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

Looking for an efficient way to manage your finances? Look no further than our money management app. With easy-to-use features, you can track your expenses, create budgets, and monitor your savings goals all in one place. Our app provides real-time updates on your spending habits and helps you make smarter financial decisions. Take control of your finances today with our user-friendly money management app.

Right Money Management App For Your Financial Goals

Jhone kinadey

Azure Native Qumulo scales elastically for common High Performance Compute (HPC) workloads based on application requirements for: Financial Services, Automotive, Genomics / Life Sciences, Media and Entertainment, Energy, Oil and Gas, etc. Performance can be dialed UP (and back down) much higher than the examples shown here. These slides offer a glimpse into ANQ's HPC capabilities, although at a smaller scale. We invite YOU to do your own testing (with a free ANQ trial) and work with us to test your HPC workloads in Azure.

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf

ryanfarris8

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Philip Schwarz

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (29-April-2024(PSS)

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Diamond Application Development Crafting Solutions with Precision

SolGuruz

InShot proinshot.com stands tall among its peers as the ultimate video editing app, offering simplicity, versatility, and power in one package. With its intuitive interface and comprehensive feature set, InShot caters to both beginners and seasoned editors alike. Whether you're creating content for social media, YouTube, or personal projects, InShot empowers you to unleash your creativity and transform your videos into captivating masterpieces. Join the millions of users who trust InShot https://www.proinshot.com/ for all their video editing needs and discover the difference for yourself!

Exploring the Best Video Editing App.pdf

proinshot.com

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

+971565801893 Mtp-Kit (500MG) Prices » Dubai [(+971565801893**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Leen Whatsapp +971565801893 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971565801893''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971565801893' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Clinic in Abu Dhabi, United Arab Emirates.+971565801893

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Health

In the past six months, the AI landscape has undergone a massive transformation, ushering in a new era of productivity with the latest in Large Language Models (LLMs) and AI technology. This deep dive unlocks how to: Create CustomGPT Models: No coding needed to tailor AI for your unique projects. Integrate your own data, including PDFs and Excel sheets, making information handling a breeze. Plus, discover how to call your own actions/integrations for even more personalized utility. Navigate Advanced Prompting: Overcome AI's memory limits and utilize Retrieval-Augmented Generation for accessing your personalized data, streamlining how you interact with AI. Stay Ahead with AI Trends: Peek into the evolving world of LLMs, featuring newcomers like Google Gemini, Anthropic Claude, Open Sora, and Twitter Grok, and understand what their advancements mean for your productivity. Witness Real-Life Transformations: Through examples and prompt demonstrations, see firsthand how these AI strategies revolutionize routine tasks, from data analysis to content creation. Learn to leverage image output and input for advanced practical use cases, adding a new dimension to your productivity toolkit. No previous coding or AI experience is needed for this talk. Stay ahead in the fast-evolving world of work. Embrace the AI revolution and transform your workflow with advanced LLM techniques. Join us to ensure you're not left behind in the productivity race.

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VictorSzoltysek

How To Use Server-Side Rendering with Nuxt.js

Andolasoft Inc

5 Signs You Need a Fashion PLM Software.pdf

Wave PLM

In an era where security concerns are paramount, the integration of artificial intelligence (AI) into CCTV cameras has revolutionized surveillance capabilities. One of the most significant advancements is the ability to achieve real-time threat detection, enabling immediate responses to potential security breaches. This blog explores how AI is reshaping surveillance through real-time threat detection and the implications of this technology.

Optimizing AI for immediate response in Smart CCTV

shikhaohhpro

Recently uploaded (20)

How to Choose the Right Laravel Development Partner in New York City_compress...

8257 interfacing 2 in microprocessor for btech students

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Software Quality Assurance Interview Questions

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

Right Money Management App For Your Financial Goals

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Diamond Application Development Crafting Solutions with Precision

Exploring the Best Video Editing App.pdf

Define the academic and professional writing..pdf

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

How To Use Server-Side Rendering with Nuxt.js

5 Signs You Need a Fashion PLM Software.pdf

Optimizing AI for immediate response in Smart CCTV

Network policies in Kubernetes using Calico

1. Network policies in Kubernetes using Calico Suraj Narwade

2. $ whoami ● Works at Red Hat ● Contributes to Kompose, Kedge, Libcompose ● Plays with Kubernetes, OpenShift & Alexa ● Tweets at @red_suraj ● Code at @surajnarwade ● Write at http://suraj.pro ● One of the Event Host here :)

3. Disclaimer /me is still newbie with Networking stuff :D /me is not op guy but golang dev

10. Network Policy comes to Rescue

11. What is Network Policy ? A network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints. (By default, if no policies exist in a namespace, then all ingress and egress traffic is allowed to and from pods in that namespace.)

12. Network Policies ● These policies are firewall rules that specify permissible types of traffic to, from and between pods. If requested, Kubernetes blocks all traffic that is not explicitly allowed. ● Policies are applied to groups of pods identified by common labels.

13. Who Provides Network Policies ? ● Calico ● Cilium ● Kube-router ● Romana ● Weave Net

14. Someone will ask, why not flannel ? https://github.com/projectcalico/canal https://thenewstack.io/project-calico-flannel-join-forces-policy-secured-networking/

15. Quick introduction to calico ● OpenSource ● Enables Networking of Workloads in Cloud Environment ● User need not to be networking expert ● Scale Thousand of workloads ● L3 level ● Containers, VMs, bare metal

16. Installation kubectl apply -f https://docs.projectcalico.org/v3.0/getting-started/kubernet es/installation/hosted/calico.yaml

17. It will install... ● A ConfigMap which contains the Calico configuration. ● A DaemonSet which installs the calico/node pod and CNI plugin. ● A ReplicaSet which installs the calico/kube-policy-controller pod. In kube-system namespace

18. Default deny apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny spec: podSelector: {} policyTypes: - Ingress

19. kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: access-nginx spec: podSelector: matchLabels: app: nginx ingress: - from: - podSelector: matchLabels: app: foo

20. You can use ● PodSelector ● NameSpaceSelector ● IP ranges with CIDR

21.

22.

23.

24. Thank You !!!

Network policies in Kubernetes using Calico

Recommended

Recommended

More Related Content

Similar to Network policies in Kubernetes using Calico

Similar to Network policies in Kubernetes using Calico (20)

Recently uploaded

Recently uploaded (20)

Network policies in Kubernetes using Calico