Banzaicloud PKE 🔗︎
PKE uses Weave’s network plugin (this is by default, but PKE supports Calico as well), and thus supports
Using Weave network plugin 🔗︎
Try Weave examples.
Using Calico network plugin 🔗︎
Try Calico examples.
Banzaicloud Pipeline currently doesn’t support creating provider managed K8S clusters with enabled network policy. Using Calico the key in case of some providers.
Amazon EKS 🔗︎
Testing the network policy, you have to deploy some test pods the same way described above in section PKE.
Amazon EKS doesn’t support
NetworkPolicy by default. Thus, we will have to deploy a Calico
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.5/config/v1.5/calico.yaml
Now you can use Calico NetworkPolicy in addition to Kubernetes NetworkPolicy, or exclusively. Try Calico examples.
Oracle OKE 🔗︎
Oracle OKE uses Flannel as network plugin, so we have to extend it with Calico as you can see in case of Amazon EKS.
curl https://docs.projectcalico.org/v3.6/getting-started/kubernetes/installation/hosted/kubernetes-datastore/policy-only/1.7/calico.yaml -O
Identify your pod’s CIDR:
kubectl get pod -o wide -n pipeline-system NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES anchore-anchore-policy-validator-59546b77d7-6kwmk 1/1 Running 0 16m 10.244.1.6 10.0.11.2 <none> <none>
Editing your calico.yaml and deploy it.
sed -i -e "s?192.168.0.0/16?10.244.0.0/16?g" calico.yaml sed -i -e 's/typha_service_name:\s"none"/typha_service_name: calico-typha/g' calico.yaml kubectl apply -f calico.yaml
Now, you can try Calico examples.
Google GKE 🔗︎
After you created a GKE cluster with Pipeline, you can enable network policy support using google cli tool or console. Network policy enforcement on GKE In a GKE cluster with enabled network policy you can find Calico pods which are responsible for implementing network policy controller. You can try Calico examples.
Azure AKS 🔗︎
You can create an Azure AKS cluster with enabled network policy using azure cli tool, if you use the
--network-policy flag. You can read more about it in the official Azure AKS documentation
You can choose Azure or Calico network policiy
If you chose Calico network, you would be able to try Calico examples.
Alibaba ACK 🔗︎
You can create an Alibaba ACK cluster with enabled network policy using aliyun cli tool, if you use the
Terway network plugin instead of its default,
Flannel. You can read more about this in the Alibaba ACK documentation