Tasks

Step-by-step instructions for performing operations with Kubernetes.

Documentation for Kubernetes v1.8 is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Use Cilium for NetworkPolicy

This page shows how to use Cilium for NetworkPolicy.

For background on Cilium, read the Introduction to Cilium.

Before you begin

You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube, or you can use one of these Kubernetes playgrounds:

To check the version, enter kubectl version.

Deploying Cilium on Minikube for Basic Testing

To get familiar with Cilium, you can follow the Cilium Kubernetes Getting Started Guide to perform a basic DaemonSet installation of Cilium in minikube.

Installation in a minikube setup uses a simple "all-in-one" YAML file that includes DaemonSet configurations for Cilium and a key-value store (consul), as well as appropriate RBAC settings:

$ kubectl create -f https://raw.githubusercontent.com/cilium/cilium/master/examples/minikube/cilium-ds.yaml
clusterrole "cilium" created
serviceaccount "cilium" created
clusterrolebinding "cilium" created
daemonset "cilium-consul" created
daemonset "cilium" created
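
The command above applies a manifest directly from the master branch and creates cluster-wide RBAC objects, so it is worth saving and inspecting the file before applying it. The following sketch is an added example, not part of the Cilium or Kubernetes documentation: the function names and flag labels are hypothetical, the sample manifest is constructed, and curl and sha256sum are assumed to be installed.

```shell
# Added example; function names and flag labels are hypothetical.
# Print "Kind/name [flags]" for each object in manifest file $1.
audit_manifest() {
  awk '
    function flush(   f) {
      if (kind != "") {
        if (kind ~ /^Cluster/)      f = f " cluster-scoped"
        if (kind ~ /Role$/ && star) f = f " wildcard-rule"
        if (hostnet)                f = f " host-network"
        if (priv)                   f = f " privileged"
        printf "%s/%s%s\n", kind, name, (f == "" ? "" : " [" substr(f, 2) "]")
      }
      kind = ""; name = ""; star = hostnet = priv = in_meta = 0
    }
    /^---[ \t]*$/                       { flush(); next }
    /^kind:/                            { kind = $2 }
    /^metadata:/                        { in_meta = 1; next }
    /^[^ \t#]/                          { in_meta = 0 }
    in_meta && name == "" && /^  name:/ { name = $2 }
    /"\*"/                              { star = 1 }
    /hostNetwork:[ \t]*true/            { hostnet = 1 }
    /privileged:[ \t]*true/             { priv = 1 }
    END                                 { flush() }
  ' "$1"
}

# Save URL $1 to file $2, then print its SHA-256 and the audit summary.
# Review the output, then apply the local copy: kubectl create -f "$2"
fetch_and_audit() {
  curl -fsSL -o "$2" "$1" && sha256sum "$2" && audit_manifest "$2"
}

# Constructed sample manifest, not the contents of cilium-ds.yaml.
demo_audit() {
  tmp=$(mktemp) || return 1
  printf '%s\n' \
    'kind: ClusterRole' 'metadata:' '  name: example-agent' \
    'rules:' '- apiGroups: ["*"]' '  resources: ["*"]' '  verbs: ["get"]' \
    '---' \
    'kind: DaemonSet' 'metadata:' '  name: example-agent' \
    'spec:' '  template:' '    spec:' '      hostNetwork: true' \
    '      containers:' '      - name: agent' \
    '        securityContext:' '          privileged: true' > "$tmp"
  audit_manifest "$tmp"
  rm -f "$tmp"
}
demo_audit
```

Applying the saved local file rather than the URL ensures that the manifest you reviewed is the one that reaches the cluster.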

The remainder of the Getting Started Guide explains how to enforce both L3/L4 (i.e., IP address + port) security policies, as well as L7 (e.g., HTTP) security policies using an example application.

Deploying Cilium for Production Use

For detailed instructions on deploying Cilium for production, see the Cilium Administrator Guide. This documentation includes detailed requirements, instructions, and example production DaemonSet files.

Understanding Cilium components

Deploying a cluster with Cilium adds Pods to the kube-system namespace. To see this list of Pods, run:

kubectl get pods --namespace=kube-system

You’ll see a list of Pods similar to this:

NAME            DESIRED   CURRENT   READY     NODE-SELECTOR   AGE
cilium          1         1         1         <none>          2m
...

There are two main components to be aware of:

What’s next

Once your cluster is running, you can follow Declare Network Policy to try out Kubernetes NetworkPolicy with Cilium. Have fun, and if you have questions, contact us using the Cilium Slack Channel.
