FOSDEM is a free conference for Open Source developers, held each year in Brussels. In the Lightning Talk stream I gave a whistle-stop tour of the motivation, definition and implementation of Kubernetes NetworkPolicy using Weave Net.

  • In order to scale services across tens or hundreds of servers, Kubernetes requires a container network where all points are connected.
  • As cluster admin, you would like to restrict malicious or accidental intrusion by locking down network traffic to specific paths.
  • Kubernetes NetworkPolicy documents let you state which pods of containers are allowed to talk to which other pods, based on labels that you apply.
  • Weave Net Policy Controller (Weave-npc) reads those policies and applies firewall rules dynamically on every node.
  • Weave-npc is designed to have minimal impact on performance as the number of containers grows.

Watch the full talk below: