In version 1.8, network policies became an official part of the Kubernetes API. A Kubernetes network policy is a specification of how groups of pods are allowed to communicate with each other and with other network endpoints.
Kuryr-kubernetes is an OpenStack project that enables native Neutron-based networking in Kubernetes. In Kuryr we chose to apply the Kubernetes network policies in an OpenStack environment by leveraging Neutron security groups.
In this talk we will present the difficulties that we’ve encountered in translating network policies. We will talk about the implementation of the translation to Neutron security groups compared to other Kubernetes open-source networking solutions like kubernetes-ovn or Cilium.
- Kubernetes network policies
- Neutron security groups
- Integrating Kubernetes policies in an OpenStack environment
- Pros and cons of Neutron security groups in comparison to alternative open-source solutions