Starting with Calico network policy in Kubernetes

6/22/2021

I have an application running with the Kubernetes orchestrator. I want to implement Calico network policy on the basis of CIDR so that I can control the pod's traffic (incoming and outgoing). I am looking for the prerequisite installation (any plugin) and what changes (Calico YAML file or manifest file) are required to achieve this.

Some explanation about steps that need to be implemented will be appreciated.

-- solveit
calico
k3s
kubernetes
kubernetes-networkpolicy
project-calico

2 Answers

6/22/2021

Well, prerequisites depend on whether you want to use plain Kubernetes NetworkPolicies or Calico NetworkPolicies.

You will need to have a CNI plugin deployed which implements the NetworkPolicy specification either way. Calico supports plain NetPols as well as its own NetPol implementation.

  1. Check your deployed CNI plugin
  2. Check if your deployed CNI plugin implements network policies
  3. Create NetworkPolicy Kubernetes resources and deploy them
-- meaningqo
Source: StackOverflow
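
A CIDR-based policy of the kind the question asks about, written as a plain Kubernetes NetworkPolicy (step 3 above). This is an added example, not part of the original answers; the namespace `demo`, the label `app: web`, the policy name, the ports and all CIDR ranges are constructed assumptions.

```yaml
# Constructed example: names, labels, ports and CIDRs are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-cidr-policy
  namespace: demo
spec:
  podSelector:            # pods this policy applies to
    matchLabels:
      app: web
  policyTypes:            # listing both denies any traffic not matched below
    - Ingress
    - Egress
  ingress:
    - from:
        - ipBlock:
            cidr: 10.10.0.0/16
            except:       # carve a subnet out of the allowed range
              - 10.10.5.0/24
      ports:
        - protocol: TCP
          port: 443
  egress:
    - to:
        - ipBlock:
            cidr: 192.0.2.0/24
      ports:
        - protocol: TCP
          port: 5432
    - ports:              # DNS to any destination; without it name resolution fails
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

The API server accepts this manifest even when the deployed CNI plugin does not implement NetworkPolicy, in which case nothing is enforced, so test with a connection from outside the allowed range. `ipBlock` matches the source address as the pod sees it, which may already have been rewritten by NAT for traffic entering the cluster.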

6/22/2021

By default, as explained here, K3s is running with the flannel CNI, using VXLAN as the default backend.

To change the CNI you need to run K3s with --flannel-backend=none. For more information please visit custom-CNI section of the docs.

Please note that besides Calico you can run the canal CNI, which in fact is flannel with Calico network policies available.

-- acid_fuji
Source: StackOverflow