Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to deploy Canal in Network Policy. The content of the article is of high quality, so the editor shares it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

Network Policy is a resource of Kubernetes. Network Policy selects Pod through Label and specifies how other Pod or outsiders communicate with these Pod.

By default, all Pod is unquarantined, that is, network traffic from any source can access the Pod without any restrictions. When Network Policy is defined for Pod, only traffic allowed by Policy can access Pod.

However, not all Kubernetes network schemes support Network Policy. For example, Flannel does not support it, but Calico does. Next we will use Canal to demonstrate Network Policy. Canal is an interesting open source project that uses Flannel to implement Kubernetes cluster networks and Calico to implement Network Policy.

Deploy Canal

Deploying Canal is very similar to deploying other Kubernetes network scenarios, which are installed through kubectl apply after kubeadm init initializes the Kubernetes cluster. In other words, there is no good way to switch directly to a different network scheme, and basically you can only recreate the cluster.

The easiest way to destroy the current cluster is to execute kubeadm reset on each node. You can then initialize the cluster as we did in the "initializing Master" section of the previous "deploying Kubernetes Cluster" chapter.

Kubeadm init-apiserver-advertise-address 192.168.56.105-pod-network-cidr=10.244.0.0/16

Then follow the documentation https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/ to install Canal. The document lists the installation methods for various network scenarios:

Execute the following command to deploy Canal

Kubectl apply-f https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.7/rbac.yamlkubectl apply-f https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.7/canal.yaml

After the deployment is successful, you can see the Canal-related components:

Canal is deployed to each node as a DaemonSet, belonging to the namespace of kube-system.

On how to deploy Canal in Network Policy to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.