Reputation: 1229
Starting with Calico network policy in Kubernetes
I have a application running with kubernetes orchestrator. I want to implement calico network policy on the basis of CIDR so that I can control the pod's traffic (incoming and outgoing). I am looking for prerequisite installation (any plugin) and what changes (calico yaml file or manifest file) are required to achieve this.
Some explanation about steps that need to be implemented will be appreciated.
Upvotes: 0
Views: 1093
Answers (2)
Reputation: 6853
By default as explained here K3s is running with flannel CNI, using VXLAN as default backend.
To change the CNI you need to run K3s with --flannel-backend=none. For more information please visit custom-CNI section of the docs.
Please note that besides calico you can run canal CNI which in fact is flannel with calico network policies available.
Upvotes: 1
Reputation: 1918
well, prerequisites depend on whether you want to use plain Kubernetes NetworkPolicies or Calico NetworkPolicies.
You will need to have a CNI Plugin deployed which implements the NetworkPolicy Specification either way. Calicao supports plain NetPols as well as its own NetPol implementation.
- check your deployed CNI plugin
- check if your deployed CNI plugin implements network policies
- create NetworkPolicy kubernetes ressources and deploy them
Upvotes: 1
Related Questions
- Network policy not working with daemonset pods
- Kubernetes Network Policy Egress to pod via service
- Network Policy in Kubernetes
- Kubernetes: cannot see network policies created with calico
- Network policy behavior for multi-node cluster
- Calico Global Network Policy and ip table rules
- Project Calico: Priority between "global policy" and "network policy"
- BA network policy-CKA
- Network Policy in Kubernetes under the hood
- Kubernetes calico networkpolicy