sunspots
Reputation: 101
Calico Global Network Policy and ip table rules
I am trying to understand how do Calico Global Network Policies work "under the hood". Let's say I have lots of (namespaced) network policies. For example, the same policy deployed to lots of namespaces. Common example might be to block or allow specific traffic in all namespaces. And let's say in this example, these are specialized workloads all deployed to a single node. If I replace these large number of (namespaced) policies with a single global network policy, will it reduce the number of IP table rules configured on the node?
Upvotes: 0
Views: 318
Answers (1)
sunspots
Reputation: 101
I did some testing. Implementing a Calico Global network policy does result in reduced number of iptables rules on the host.
Upvotes: 1
Related Questions
- Network policy not working with daemonset pods
- Starting with Calico network policy in Kubernetes
- iptables rules for kube-dns
- Project Calico: Priority between "global policy" and "network policy"
- Kubernetes Networkpolicy dosen't block traffic
- Kubernetes NetworkPolicy limit egress traffic to service
- Calico IPs Confusion
- Kubernetes network policy egress ports
- Implementing iptables rules on Kubernetes nodes
- How can I write a minimal NetworkPolicy to firewall a Kubernetes application with a Service of type LoadBalancer using Calico?