kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Split out Calico bits

pull/1217/head
Casey Davenport 2016-09-12 18:32:35 -07:00
parent 5ce89f84f3
commit 3dc824673f
4 changed files with 42 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
_data/guides.yml
View File

@ -60,8 +60,12 @@ toc:
path: /docs/user-guide/working-with-resources/
- title: Garbage collection
path: /docs/user-guide/garbage-collector/
- title: Using Calico NetworkPolicy
path: /docs/getting-started-guides/calico-network-policy/
- title: Using NetworkPolicy
section:
- title: Example Walkthrough
path: /docs/getting-started-guides/network-policy/walkthrough/
- title: Using Calico for NetworkPolicy
path: /docs/getting-started-guides/network-policy/calico/
- title: Batch Jobs
section:

33
docs/getting-started-guides/network-policy/calico.md Normal file
View File

@ -0,0 +1,33 @@
---
assignees:
- caseydavenport
---
You can deploy a cluster using Calico for network policy in the default [GCE deployment](/docs/getting-started-guides/gce) using the following set of commands:
```shell
export NETWORK_POLICY_PROVIDER=calico
curl -sS https://get.k8s.io | bash
```
See the [Calico documentation](https://github.com/projectcalico/calico-containers/tree/master/docs/cni/kubernetes#getting-started) for more options to deploy Calico with Kubernetes.
Once your cluster using Calico is running, you should see a collection of pods running in the `kube-system` Namespace that support Kubernetes NetworkPolicy.
```console
$ kubectl get pods --namespace=kube-system
NAME READY STATUS RESTARTS AGE
calico-node-kubernetes-minion-group-jck6 1/1 Running 0 46m
calico-node-kubernetes-minion-group-k9jy 1/1 Running 0 46m
calico-node-kubernetes-minion-group-szgr 1/1 Running 0 46m
calico-policy-controller-65rw1 1/1 Running 0 46m
...
```
There are two main components to be aware of:
- One `calico-node` Pod runs on each node in your cluster, and enforces network policy on the traffic to/from Pods on that machine by configuring iptables.
- The `calico-policy-controller` Pod reads policy and label information from the Kubernetes API and configures Calico appropriately.
Once your cluster is running, you can follow the [NetworkPolicy gettting started guide](/docs/getting-started-guides/network-policy/walkthrough) to try out Kubernetes NetworkPolicy.

26
docs/getting-started-guides/calico-network-policy.md → docs/getting-started-guides/network-policy/walkthrough.md
View File

@ -6,34 +6,12 @@ assignees:
Kubernetes can be used to declare network policies which govern how Pods can communicate with each other. This document helps you get started using the Kubernetes [NetworkPolicy API](/docs/user-guide/networkpolicies), and provides a demonstration thereof.
In this article we assume that that a Kubernetes cluster has been created with network policy support. It's easy to create such a cluster using the [GCE guide](/docs/getting-started-guides/gce), setting the `NETWORK_POLICY_PROVIDER=calico` environment variable.
In this article we assume that a Kubernetes cluster has been created with network policy support. There are a number of network providers which support NetworkPolicy (see the "Using X for NetworkPolicy" articles in this section). The reference implementation is [Calico](/docs/getting-started-guides/network-policy/calico) running on GCE.
e.g
```shell
export NETWORK_POLICY_PROVIDER=calico
curl -sS https://get.k8s.io | bash
```
The following example walkthrough will work on a Kubernetes cluster using any of the listed providers.
## Using NetworkPolicy
Once your cluster is started, you should see a collection of pods running in the `kube-system` Namespace that support Kubernetes NetworkPolicy.
```console
$ kubectl get pods --namespace=kube-system
NAME READY STATUS RESTARTS AGE
calico-node-kubernetes-minion-group-jck6 1/1 Running 0 46m
calico-node-kubernetes-minion-group-k9jy 1/1 Running 0 46m
calico-node-kubernetes-minion-group-szgr 1/1 Running 0 46m
calico-policy-controller-65rw1 1/1 Running 0 46m
...
```
There are two main components to be aware of:
- One `calico-node` Pod runs on each node in your cluster, and enforces network policy on the traffic to/from Pods on that machine by configuring iptables.
- The `calico-policy-controller` Pod reads policy and label information from the Kubernetes API and configures Calico appropriately.
To explain how Kubernetes network policy works let's start off by creating an `nginx` Deployment and expose it via a Service.
```console

2
docs/user-guide/networkpolicies.md
View File

@ -48,7 +48,7 @@ To configure the annotation via `kubectl`:
kubectl annotate ns <namespace> "net.beta.kubernetes.io/network-policy={\"ingress\": {\"isolation\": \"DefaultDeny\"}}"
{% endraw %}```
See the [NetworkPolicy getting started guide](/docs/getting-started-guides/network-policy) for an example.
See the [NetworkPolicy getting started guide](/docs/getting-started-guides/network-policy/walkthrough) for an example.
## The `NetworkPolicy` Resource