Namespace network isolation with Calico #175
Comments
@danielhartnell thanks so much for submitting this! We'll start playing using that code.
I'm starting to work on this.
Hey @the-smooth-operator and @ziegeer,
This policy should provide namespace network isolation. Sorry that got lost in the transition. Maybe it'll save you a little time. The policy can only be applied with `calicoctl` I believe. In order to do that, I had to run calicoctl as a pod in the cluster itself which is documented here: https://docs.projectcalico.org/v3.5/usage/calicoctl/install#installing-calicoctl-as-a-kubernetes-pod
I think that the current cluster has Calico available in policy only mode but I'm not sure I fully understood the state of Calico in the cluster.
Cheers!
Daniel
Update: I forgot. You'll want to read the docs on Calico policies. You can do some pretty neat stuff including using the `namespaceSelector` and `selector` for this. I can't remember exactly what I was doing here but you'll just need to make sure that the namespace and pod labels match whatever you have in the policy here. May take a bit of experimenting but it shouldn't be too bad to get it all working.
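
An added example, not the policy from the original issue (which is not reproduced on this page): a namespaced Calico v3 `NetworkPolicy` showing how `namespaceSelector` and `selector` line up with namespace and pod labels. The namespace names, the `name=...` namespace labels, the `app == 'prometheus'` pod label and port 8080 are assumptions and have to match labels that actually exist in the cluster.

```yaml
# Constructed example: isolate the "team-a" namespace so its pods accept
# ingress only from their own namespace, plus one scraper in "monitoring".
#
# Assumed labels (not from the original issue); namespaces carry no custom
# labels unless you add them, e.g.:
#   kubectl label namespace team-a name=team-a
#   kubectl label namespace monitoring name=monitoring
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: isolate-team-a
  namespace: team-a          # policy only applies to endpoints in this namespace
spec:
  # Select every pod in team-a. Once a policy selects a pod, ingress that no
  # rule allows is dropped.
  selector: all()
  types:
    - Ingress
  ingress:
    # Rule 1: allow traffic from any pod whose *namespace* carries the
    # label name=team-a (i.e. same-namespace traffic).
    - action: Allow
      source:
        namespaceSelector: name == 'team-a'
    # Rule 2: allow one specific workload from another namespace.
    # namespaceSelector matches namespace labels, selector matches pod labels;
    # both must match for the rule to apply.
    - action: Allow
      protocol: TCP
      source:
        namespaceSelector: name == 'monitoring'
        selector: app == 'prometheus'
      destination:
        ports:
          - 8080
```

Saved to a file, this is applied with `calicoctl apply -f <file>`. If traffic that should pass is dropped, compare the selectors against the output of `kubectl get namespaces --show-labels` and `kubectl get pods --show-labels`.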