Enable network policies in providers

Banzaicloud PKE 🔗︎

PKE uses Weave’s network plugin (this is by default, but PKE supports Calico as well), and thus supports NetwportPolicy out-of-the-box.

Using Weave network plugin 🔗︎

Try Weave examples.

Using Calico network plugin 🔗︎

Try Calico examples.

Banzaicloud Pipeline currently doesn’t support creating provider managed K8S clusters with enabled network policy. Using Calico the key in case of some providers.

Amazon EKS 🔗︎

Testing the network policy, you have to deploy some test pods the same way described above in section PKE. Amazon EKS doesn’t support NetworkPolicy by default. Thus, we will have to deploy a Calico DaemonSet

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.5/config/v1.5/calico.yaml

Now you can use Calico NetworkPolicy in addition to Kubernetes NetworkPolicy, or exclusively. Try Calico examples.

Google GKE 🔗︎

After you created a GKE cluster with Pipeline, you can enable network policy support using google cli tool or console. Network policy enforcement on GKE In a GKE cluster with enabled network policy you can find Calico pods which are responsible for implementing network policy controller. You can try Calico examples.

Azure AKS 🔗︎

You can create an Azure AKS cluster with enabled network policy using azure cli tool, if you use the --network-policy flag. You can read more about it in the official Azure AKS documentation You can choose Azure or Calico network policiy If you chose Calico network, you would be able to try Calico examples.