multi-networkpolicy-iptables

module

v0.0.0-...-2879925 Latest Latest Go to latest Published: Apr 9, 2024 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/k8snetworkplumbingwg/multi-networkpolicy-iptables

Links

Open Source Insights

README ¶

multi-networkpolicy-iptables

multi-networkpolicy implementation with iptables

Current Status of the Repository

It is now actively developping hence not stable yet. Bug report and feature request are welcome.

Description

Kubernetes provides Network Policies for network security. Currently net-attach-def does not support Network Policies because net-attach-def is CRD, user defined resources, outside of Kubernetes. multi-network policy implements Network Policiy functionality for net-attach-def, by iptables and provies network security for net-attach-def networks.

Quickstart

Install MultiNetworkPolicy CRD into Kubernetes.

$ git clone https://github.com/k8snetworkplumbingwg/multi-networkpolicy
$ cd multi-networkpolicy
$ kubectl create -f scheme.yml
customresourcedefinition.apiextensions.k8s.io/multi-networkpolicies.k8s.cni.cncf.io created

Deploy multi-networkpolicie-iptables into Kubernetes.

$ git clone https://github.com/k8snetworkplumbingwg/multi-networkpolicy-iptables
$ cd multi-networkpolicy-iptables
$ kubectl create -f deploy.yml
clusterrole.rbac.authorization.k8s.io/multi-networkpolicy created
clusterrolebinding.rbac.authorization.k8s.io/multi-networkpolicy created
serviceaccount/multi-networkpolicy created
daemonset.apps/multi-networkpolicy-ds-amd64 created

Requirements

This project leverages iptables and ip6tables commands to do its work. Hence, ip_tables and ip6_tables kernel modules need to be loaded on the container host:

# modprobe ip_tables ip6_tables

Configurations

See Configurations.

Demo

(TBD)

MultiNetworkPolicy DaemonSet

MultiNetworkPolicy creates DaemonSet and it runs multi-networkpolicy-iptables for each node. multi-networkpolicy-iptables watches MultiNetworkPolicy object and creates iptables rules into 'pod's network namespace', not container host and the iptables rules filters packets to interface, based on MultiNetworkPolicy.

TODO

Bugfixing
(TBD)

Contact Us

For any questions about Multus CNI, feel free to ask a question in #general in the NPWG Slack, or open up a GitHub issue. Request an invite to NPWG slack here.

Directories ¶

Path	Synopsis
cmd
multi-networkpolicy-iptables This is a Kubernetes controller to generate iptables rules for multi-networkpolicy.	This is a Kubernetes controller to generate iptables rules for multi-networkpolicy.
pkg
controllers Package controllers is the package that contains controller functions.	Package controllers is the package that contains controller functions.
server Package server is the package that contains server functions.	Package server is the package that contains server functions.
utils Package utils is the package that contains utility functions.	Package utils is the package that contains utility functions.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL