mcs-netpol

command module

v0.0.0-...-8d93ae3 Latest Latest Go to latest Published: Apr 10, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/srampal/mcs-netpol

Links

Open Source Insights

README ¶

Network Policy for Kubernetes Multi-Cluster Services API

PoC of CRD and controller for an enhanced network policy to address multi-cluster service networking implementation of the Multi-Cluster Services API.

Note: This is a limited proof of concept implementation currently for basic demo purposes. The longer term goal is to have a more complete implementation based on the eventual upstream kubernetes community's Multi-Cluster Network Policy API definition (a current draft proposalslides)

This repo defines an api (api/va1lpha1/multiclusterpolicy_types.go) and includes a golang implementation of a controller for this api. This implementation should work with multiple CNI implementations and multiple implementations of the K8s MultiCluster Services (MCS) API, although has so far only been tested using the upstream Kubernetes, weave CNI and the Submariner implementation of the MCS api.

Basic demo

Setup 2 k8s clusters with an implementation of the Multi-Cluster Services API (example using the procedure outlined at this link
Export an nginx deployment/ service from cluster 2 (example shown here but any standard method works. Confirm the service can be accessed by a client pod in cluster1 as described in the same link.
Clone this repo
Run 'make install' to deploy the multicluster policy CRD
Run 'make deploy IMG=srampal/mcs-netpol:0.4' to deploy the controller (if a newer version of the container is available on dockerhub, feel free to try the latest version)
Deploy test pods in cluster1 (kubectl apply -f config/samples/test-pods.yaml)
Verify that both test pods can access the remote nginx service (use 'curl nginx.default.svc.clusterset.local' from within the bash shell of each test pod.
Now apply the sample multicluster policy provided (kubectl apply -f config/samples/policy-1.yaml)
Repeat the test from step 7, confirm that the pod labeled color:blue are unable to access the remote service whereas the pod labeled color:red can continue to access. This confirms multicluster netwpro policy filtering operation.

Community, discussion, contribution, and support

Code of conduct

Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
v1alpha1 Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group +kubebuilder:object:generate=true +groupName=policy.submariner.io	Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group +kubebuilder:object:generate=true +groupName=policy.submariner.io
controllers

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL