From 0776f9d6311dff5ded01ba6f13919f3babec5077 Mon Sep 17 00:00:00 2001 From: isa-bel Date: Sun, 14 May 2017 14:26:41 -0700 Subject: [PATCH] Docs - Calico NetworkPolicy (#3756) * Add task template for calico-network-policy * Add discussion section --- .../calico-network-policy.md | 35 ++++++++++++++++--- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/docs/tasks/administer-cluster/calico-network-policy.md b/docs/tasks/administer-cluster/calico-network-policy.md index f45449da2e..a57fc71383 100644 --- a/docs/tasks/administer-cluster/calico-network-policy.md +++ b/docs/tasks/administer-cluster/calico-network-policy.md @@ -9,6 +9,17 @@ redirect_from: - "/docs/tasks/configure-pod-container/calico-network-policy.html" --- +{% capture overview %} +This page shows how to use Calico for NetworkPolicy. +{% endcapture %} + +{% capture prerequisites %} +* Install Calico for Kubernetes. +{% endcapture %} + +{% capture steps %} +## Deploying a cluster using Calico + You can deploy a cluster using Calico for network policy in the default [GCE deployment](/docs/getting-started-guides/gce) using the following set of commands: ```shell @@ -18,11 +29,22 @@ curl -sS https://get.k8s.io | bash ``` See the [Calico documentation](http://docs.projectcalico.org/) for more options to deploy Calico with Kubernetes. +{% endcapture %} -Once your cluster using Calico is running, you should see a collection of pods running in the `kube-system` Namespace that support Kubernetes NetworkPolicy. +{% capture discussion %} +## Understanding Calico components + +Deploying a cluster with Calico adds Pods that support Kubernetes NetworkPolicy. These Pods run in the `kube-system` Namespace. + +To see this list of Pods run: + +```shell +kubectl get pods --namespace=kube-system +``` + +You'll see a list of Pods similar to this: ```console -$ kubectl get pods --namespace=kube-system NAME READY STATUS RESTARTS AGE calico-node-kubernetes-minion-group-jck6 1/1 Running 0 46m calico-node-kubernetes-minion-group-k9jy 1/1 Running 0 46m @@ -33,7 +55,12 @@ calico-policy-controller-65rw1 1/1 Running 0 There are two main components to be aware of: -- One `calico-node` Pod runs on each node in your cluster, and enforces network policy on the traffic to/from Pods on that machine by configuring iptables. -- The `calico-policy-controller` Pod reads policy and label information from the Kubernetes API and configures Calico appropriately. +- One `calico-node` Pod runs on each node in your cluster and enforces network policy on the traffic to/from Pods on that machine by configuring iptables. +- The `calico-policy-controller` Pod reads the policy and label information from the Kubernetes API and configures Calico appropriately. +{% endcapture %} +{% capture whatsnext %} Once your cluster is running, you can follow the [NetworkPolicy getting started guide](/docs/getting-started-guides/network-policy/walkthrough) to try out Kubernetes NetworkPolicy. +{% endcapture %} + +{% include templates/task.md %}