Network Policies
Note
- Please make sure that the CNI network plugin used by the cluster supports Network Policies before you enable the feature. There are a number of CNI network plugins that support Network Policies, including Calico, Cilium, Kube-router, Romana, and Weave Net.
- It is recommended that you use Calico as the CNI plugin before you enable Network Policies.
For more information, see .
When you implement multi-node installation of KubeSphere on Linux, you need to create a configuration file, which lists all KubeSphere components.
In the tutorial of Installing KubeSphere on Linux, you create a default file . Modify the file by executing the following command:
Note
If you adopt , you do not need to create a config-sample.yaml file as you can create a cluster directly. Generally, the all-in-one mode is for users who are new to KubeSphere and look to get familiar with the system. If you want to enable the Network Policy in this mode (for example, for testing purposes), refer to the following section to see how the Network Policy can be installed after installation.
Create a cluster using the configuration file:
Installing on Kubernetes
As you install KubeSphere on Kubernetes, you can enable the Network Policy first in the file.
Download the file cluster-configuration.yaml and edit it.
vi cluster-configuration.yaml
In this local cluster-configuration.yaml file, navigate to network.networkpolicy and enable it by changing false to true for enabled. Save the file after you finish.
Execute the following commands to start installation:
kubectl apply -f cluster-configuration.yaml
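The file contains many keys named enabled, so it is easy to flip the wrong one. The following pre-flight check is an added example, not part of the KubeSphere documentation: it reads the value under network.networkpolicy before you apply the file. It assumes the setting sits under spec in a space-indented file; the function name networkpolicy_enabled and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: read spec.network.networkpolicy.enabled from a
# ClusterConfiguration file before applying it. Indentation-based reader for
# space-indented block YAML; it is not a general YAML parser.
networkpolicy_enabled() {
  awk '
    /^ *#/ || /^ *$/ { next }                 # skip comments and blank lines
    {
      depth = match($0, /[^ ]/) - 1            # leading spaces on this line
      line = substr($0, depth + 1)
      sub(/ +#.*$/, "", line)                  # drop a trailing comment
      sub(/[ \t\r]+$/, "", line)               # drop trailing whitespace or CR
      key = line; sub(/:.*$/, "", key)
      val = line; sub(/^[^:]*: */, "", val)
      while (n > 0 && ind[n] >= depth) n--     # leave finished mappings
      n++; ind[n] = depth; name[n] = key
      path = name[1]
      for (i = 2; i <= n; i++) path = path "." name[i]
      if (path == "spec.network.networkpolicy.enabled") { print val; exit }
    }
  ' "$1"
}

# Constructed sample: a different "enabled" key was edited by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
  namespace: kubesphere-system
spec:
  alerting:
    enabled: true        # wrong key edited
  network:
    networkpolicy:
      enabled: false     # the key this page tells you to change
    ippool:
      type: none
EOF

if [ "$(networkpolicy_enabled "$sample")" = "true" ]; then
  echo "network.networkpolicy.enabled is true; safe to kubectl apply"
else
  echo "network.networkpolicy.enabled is not true; fix the file first"
fi
```

Call networkpolicy_enabled with the path to your own cluster-configuration.yaml; empty output means the key was not found at that path.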
Log in to the console as admin. Click Platform in the upper-left corner and select Cluster Management.
Info
A Custom Resource Definition (CRD) allows users to create a new type of resources without adding another API server. They can use these resources like any other native Kubernetes objects.
In Custom Resources, click on the right of ks-installer and select Edit YAML.
In this YAML file, navigate to network.networkpolicy and change false to true for . After you finish, click OK in the lower-right corner to save the configuration.
You can use the web kubectl to check the installation process by executing the following command:
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
Note
If you can see the Network Policies module in Network, it means the installation is successful as this part won’t display until you install the component.