.. Source: github.com/cilium/cilium@v1.16.2/Documentation/network/clustermesh/policy.rst

.. _gs_clustermesh_network_policy:

**************
Network Policy
**************

This tutorial shows how to define NetworkPolicies that affect multiple
clusters.

Prerequisites
#############

You need a functioning Cluster Mesh setup. Follow the :ref:`gs_clustermesh`
guide to set it up.

Security Policies
#################

As addressing and network security are decoupled, network security enforcement
automatically spans across clusters. Note that Kubernetes security policies are
not automatically distributed across clusters; it is your responsibility to
apply ``CiliumNetworkPolicy`` or ``NetworkPolicy`` in all clusters.

Allowing Specific Communication Between Clusters
================================================

The following policy illustrates how to allow particular pods to communicate
between two clusters. The cluster name refers to the name given via the
``--cluster-name`` agent option or ``cluster-name`` ConfigMap option.

.. code-block:: yaml

    apiVersion: "cilium.io/v2"
    kind: CiliumNetworkPolicy
    metadata:
      name: "allow-cross-cluster"
    spec:
      description: "Allow x-wing in cluster1 to contact rebel-base in cluster2"
      endpointSelector:
        matchLabels:
          name: x-wing
          io.cilium.k8s.policy.cluster: cluster1
      egress:
      - toEndpoints:
        - matchLabels:
            name: rebel-base
            io.cilium.k8s.policy.cluster: cluster2
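
Because policies are not distributed across clusters automatically, a rollout needs to apply the manifest in every cluster and confirm that it landed. The following shell functions are an added example, not part of the Cilium documentation; the kubectl context names, the manifest file name and the ``default`` namespace are assumptions.

```shell
#!/bin/sh
# Added example: apply one policy manifest to every cluster in the mesh and
# report clusters where the policy is absent afterwards.

# Print each kubectl context (one per line) in which the named
# CiliumNetworkPolicy does not exist in the given namespace.
missing_policy_contexts() {
  local policy="$1" namespace="$2" ctx
  shift 2
  for ctx in "$@"; do
    if ! kubectl --context "$ctx" --namespace "$namespace" \
         get ciliumnetworkpolicies.cilium.io "$policy" >/dev/null 2>&1; then
      printf '%s\n' "$ctx"
    fi
  done
}

# Apply the manifest in every context, then verify that the policy exists in
# each one. Returns non-zero if any apply failed or any cluster lacks the policy.
sync_policy() {
  local manifest="$1" policy="$2" namespace="$3" ctx failed=0 missing
  shift 3
  for ctx in "$@"; do
    kubectl --context "$ctx" --namespace "$namespace" \
      apply -f "$manifest" >/dev/null \
      || { echo "apply failed in context $ctx" >&2; failed=1; }
  done
  missing="$(missing_policy_contexts "$policy" "$namespace" "$@")"
  if [ -n "$missing" ]; then
    # Unquoted on purpose: joins the one-per-line list onto a single line.
    echo "policy $policy missing in:" $missing >&2
    failed=1
  fi
  return "$failed"
}

# Usage (assumed context names and manifest file name):
#   sync_policy allow-cross-cluster.yaml allow-cross-cluster default cluster1 cluster2
```

Running ``missing_policy_contexts`` on its own from a scheduled job gives a cheap drift check between clusters without changing anything.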