K
Q

Calico Global Network Policy and ip table rules

2/9/2022

I am trying to understand how do Calico Global Network Policies work "under the hood". Let's say I have lots of (namespaced) network policies. For example, the same policy deployed to lots of namespaces. Common example might be to block or allow specific traffic in all namespaces. And let's say in this example, these are specialized workloads all deployed to a single node. If I replace these large number of (namespaced) policies with a single global network policy, will it reduce the number of IP table rules configured on the node?

-- sunspots
iptables
kubernetes
kubernetes-networking
kubernetes-networkpolicy
project-calico

Similar Questions

kubernetes create cinder pvc on Openstack Failed with error message: Invalid request due to incorrect syntax or missing required parameters
Finding the location of admin_ca, cluster_ca and admin_cert in k8s
Rancher v2.0 proposed openebs deployment uses v0.6.0 helm template
What is the recommended way to move lone pods to different node before draining? Such that kubectl drain node1 --force does not delete the pod
ElasticBlockStore with StorageClass

1 Answer

2/11/2022

I did some testing. Implementing a Calico Global network policy does result in reduced number of iptables rules on the host.

-- sunspots
Source: StackOverflow