Source: dzone.com
Protecting Hosts in Kubernetes ClusterCategory: Software, Kubernetes, Docker, firewall
Calico is a Container Network Interface (CNI) plugin that, in addition to CNI capabilities, provides Network policies to control traffic between pods as well as firewall functionality to secure nodes. In order to utilize Calico's capabilities as a firewall to secure node using Calico's GlobalNetworkPolicy, a HostEndpoint would need to be created per network interface on the node.
The script loops infinitely and checks if a HostEndpoint object is created for the host where it is running. If not, it uses kubectl client to create HostEndpoint object for the host that is applicable for all the host's interfaces.
Check the logs for a Pod to ensure it is creating HostEndpoint for that node.
The script loops infinitely and checks if a HostEndpoint object is created for the host where it is running. If not, it uses kubectl client to create HostEndpoint object for the host that is applicable for all the host's interfaces.
Check the logs for a Pod to ensure it is creating HostEndpoint for that node.
Related Articles
Community Partners
DevOps Careers