Banzaicloud PKE

PKE uses Weave’s network plugin (this is by default, but PKE supports Calico as well), and thus supports NetwportPolicy out-of-the-box.

Using Weave network plugin

Try Weave examples.

Using Calico network plugin

Try Calico examples.

Banzaicloud Pipeline currently doesn’t support creating provider managed K8S clusters with enabled network policy. Using Calico the key in case of some providers.

Amazon EKS

Testing the network policy, you have to deploy some test pods the same way described above in section PKE. Amazon EKS doesn’t support NetworkPolicy by default. Thus, we will have to deploy a Calico DaemonSet

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.5/config/v1.5/calico.yaml

Now you can use Calico NetworkPolicy in addition to Kubernetes NetworkPolicy, or exclusively. Try Calico examples.

Oracle OKE

Oracle OKE uses Flannel as network plugin, so we have to extend it with Calico as you can see in case of Amazon EKS.

curl https://docs.projectcalico.org/v3.6/getting-started/kubernetes/installation/hosted/kubernetes-datastore/policy-only/1.7/calico.yaml -O

Identify your pod’s CIDR:

kubectl get pod -o wide -n pipeline-system 
NAME                                                    READY   STATUS             RESTARTS   AGE   IP           NODE        NOMINATED NODE   READINESS GATES
anchore-anchore-policy-validator-59546b77d7-6kwmk       1/1     Running            0          16m   10.244.1.6   10.0.11.2   <none>           <none>

Editing your calico.yaml and deploy it.

sed -i -e "s?192.168.0.0/16?10.244.0.0/16?g" calico.yaml
sed -i -e 's/typha_service_name:\s"none"/typha_service_name: calico-typha/g' calico.yaml
kubectl apply -f calico.yaml

Now, you can try Calico examples.

Google GKE

After you created a GKE cluster with Pipeline, you can enable network policy support using google cli tool or console. Network policy enforcement on GKE In a GKE cluster with enabled network policy you can find Calico pods which are responsible for implementing network policy controller. You can try Calico examples.

Azure AKS

You can create an Azure AKS cluster with enabled network policy using azure cli tool, if you use the --network-policy flag. You can read more about it in the official Azure AKS documentation You can choose Azure or Calico network policiy If you chose Calico network, you would be able to try Calico examples.

Alibaba ACK

You can create an Alibaba ACK cluster with enabled network policy using aliyun cli tool, if you use the Terway network plugin instead of its default, Flannel. You can read more about this in the Alibaba ACK documentation