FOSDEM is a free conference for Open Source developers, held each year in Brussels. In the Lightning Talk stream I gave a whistle-stop tour of the motivation, definition and implementation of Kubernetes NetworkPolicy using Weave Net.
- In order to scale services across tens or hundreds of servers, Kubernetes requires a container network where all points are connected.
- As cluster admin, you would like to restrict malicious or accidental intrusion by locking down network traffic to specific paths.
- Kubernetes NetworkPolicy documents let you state which pods of containers are allowed to talk to which other pods, based on labels that you apply.
- Weave Net Policy Controller (Weave-npc) reads those policies and applies firewall rules dynamically on every node.
- Weave-npc is designed to have minimal impact on performance as the number of containers grows.