This module manages network policies.
Deckhouse implements a conservative approach to organizing the network based on elementary network backends, such as “pure” CNI or flannel in the host-gw mode. This approach is reliable and straightforward and turned out to be the best.
The NetworkPolicy implementation in Deckhouse is also solid and straightforward. It is based on kube-router in the Network Policy Controller mode (--run-firewall). In this case, kube-router translates NetworkPolicy network policies into iptables rules. The latter, in turn, work with any installation (regardless of the cloud or the CNI used).
The network-policy-engine module deploys a DaemonSet in the d8-system namespace with kube-router in the Network Policy Controller mode. As a result, the Kubernetes cluster fully supports Network Policies.
The following policy description formats are supported:
- networking.k8s.io/NetworkPolicy API
- network policy V1/GA semantics
- network policy beta semantics
Example recipes are available here.