Protecting Hosts in Kubernetes Cluster

4 years ago dzone.com

Summary: This is a summary of an article originally published by the source.

Calico is a Container Network Interface (CNI) plugin that, in addition to its CNI capabilities, provides network policies to control traffic between pods as well as firewall functionality to secure nodes. To use Calico as a node firewall through its GlobalNetworkPolicy, a HostEndpoint must be created per network interface on the node.

The script loops indefinitely and checks whether a HostEndpoint object exists for the host on which it is running. If not, it uses the kubectl client to create a HostEndpoint object for that host that applies to all of the host's interfaces.

Check a Pod's logs to confirm that it is creating the HostEndpoint for its node.
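The check-then-create step described above, as an added example that is not the original article's script. It assumes `NODE_NAME` is injected into the Pod, that `kubectl` can reach the `projectcalico.org/v3` API in the cluster, and that the `-hep` name suffix and `host-endpoint` label are hypothetical choices.

```shell
#!/bin/sh
# Added example (constructed): idempotently ensure a Calico HostEndpoint exists
# for the node this Pod runs on. The "-hep" suffix and the "host-endpoint"
# label are hypothetical; a GlobalNetworkPolicy would select on that label.

hep_name() {
  printf '%s-hep' "$1"
}

valid_node_name() {
  # Accept only DNS-1123 style names so nothing unexpected is templated into YAML.
  case "$1" in
    ''|*[!a-z0-9.-]*|[.-]*|*[.-]) return 1 ;;
    *) return 0 ;;
  esac
}

render_hep() {
  # $1 = node name. interfaceName "*" makes one endpoint cover all host interfaces.
  cat <<EOF
apiVersion: projectcalico.org/v3
kind: HostEndpoint
metadata:
  name: $(hep_name "$1")
  labels:
    host-endpoint: "true"
spec:
  node: $1
  interfaceName: "*"
EOF
}

ensure_hep() {
  valid_node_name "$1" || { echo "invalid node name: $1" >&2; return 2; }
  if kubectl get hostendpoints.projectcalico.org "$(hep_name "$1")" >/dev/null 2>&1; then
    echo "HostEndpoint for $1 already present"
  else
    render_hep "$1" | kubectl apply -f - && echo "HostEndpoint created for $1"
  fi
}

# Start the reconcile loop only when asked, so the file can also be sourced.
# NODE_NAME is assumed to come from the Pod spec (e.g. the downward API).
if [ "${1:-}" = "--loop" ]; then
  while true; do ensure_hep "${NODE_NAME:-}"; sleep "${INTERVAL:-60}"; done
fi
```

The two `echo` messages are what the Pod's logs would show when verifying that the endpoint was created or already existed.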
