How can network traffic inside a GKE cluster where Network Policy feature is disabled be controlled without recreating all node pools?

1/5/2022

I am running GKE cluster version 1.20 in which Dataplane V2 and the Network Policy features are disabled.

Per the GKE documentation, enabling the Network Policy feature on non-Dataplane V2 clusters requires recreating all node pools.

My cluster has two node pools for various workloads and I want to make sure pod A can communicate only with pod B, both on the same node pool, without recreating the other node pool.

I also want to avoid achieving this using OS-based solutions such as Linux iptables or GCP-based solutions such as VPC firewall rules. It must be an in-cluster solution.

-- randvir
google-cloud-platform
google-kubernetes-engine
kubernetes

1 Answer

1/6/2022

Dataplane V2 has Network Policies enabled by default; you don't have to enable them.

Per the doc:

Warning: GKE Dataplane V2 comes with Kubernetes network policy enforcement built-in. This means that you don't need to enable network policy in clusters that use GKE Dataplane V2. If you try to explicitly enable or disable network policy enforcement in a cluster that uses GKE Dataplane V2, the request will fail with the error message Enabling NetworkPolicy for clusters with DatapathProvider=ADVANCED_DATAPATH is not allowed..

-- boredabdel
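As an added example (not part of the question or the answer), this is the NetworkPolicy that expresses the asker's requirement on a cluster where policy enforcement is active, such as a GKE Dataplane V2 cluster: pod A accepts ingress only from pod B and sends egress only to pod B. The namespace `demo`, the labels `app: pod-a` / `app: pod-b` and port 8080 are assumptions.

```yaml
# Added example, not from the question or answer above.
# Assumptions: namespace "demo", pods labelled app=pod-a and app=pod-b,
# pod B listening on TCP 8080. Enforced only where the cluster has a
# policy-capable dataplane (GKE Dataplane V2, or Network Policy enabled).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: pod-a-only-pod-b
  namespace: demo
spec:
  # Selecting pod A and listing both policyTypes makes the policy
  # default-deny for A in both directions; the rules below re-open
  # only traffic to and from pod B.
  podSelector:
    matchLabels:
      app: pod-a
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: pod-b
      ports:
        - protocol: TCP
          port: 8080
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: pod-b
      ports:
        - protocol: TCP
          port: 8080
  # Caveat: the egress section also blocks DNS lookups from pod A. If A
  # must resolve names, add an egress rule to kube-dns in kube-system
  # (UDP and TCP port 53); it is deliberately left out here.
```

Apply it with `kubectl apply -f` and confirm with `kubectl describe networkpolicy pod-a-only-pod-b -n demo`; on a cluster without an enforcing dataplane the object is accepted by the API server but has no effect, which is exactly the situation the question describes.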
Source: StackOverflow