2. $ whoami
● Works at Red Hat
● Contributes to Kompose, Kedge, Libcompose
● Plays with Kubernetes, OpenShift & Alexa
● Tweets at @red_suraj
● Codes at @surajnarwade
● Writes at http://suraj.pro
● One of the event hosts here :)
11. What is a Network Policy?
A network policy is a specification of how groups of pods are allowed to
communicate with each other and other network endpoints.
(By default, if no policies exist in a namespace, then all ingress and egress traffic is allowed to and from pods in that
namespace.)
12. Network Policies
● These policies are firewall rules that specify permissible types of traffic to, from and between pods. If requested,
Kubernetes blocks all traffic that is not explicitly allowed.
● Policies are applied to groups of pods identified by common labels.
13. Who Provides Network Policies?
● Calico
● Cilium
● Kube-router
● Romana
● Weave Net
14. Someone will ask, why not flannel?
https://github.com/projectcalico/canal
https://thenewstack.io/project-calico-flannel-join-forces-policy-secured-networking/
15. Quick introduction to Calico
● Open source
● Enables networking of workloads in cloud environments
● Users need not be networking experts
● Scales to thousands of workloads
● L3 level
● Containers, VMs, bare metal
17. It will install...
● A ConfigMap which contains the Calico configuration.
● A DaemonSet which installs the calico/node pod and CNI plugin.
● A ReplicaSet which installs the calico/kube-policy-controller pod.
All in the kube-system namespace