Creating Kubernetes Cilium Network Policies

How do I create Kubernetes Cilium network policies?

In this guide, we will create a Cilium network policy in a Kubernetes cluster using Pulumi. Cilium is a networking and security solution for Kubernetes that provides pod connectivity and enforces security policies. Network policies control which traffic is allowed to flow between pods (and to or from the outside world) in a Kubernetes cluster.

We will use Pulumi to define and deploy the Cilium network policy. Pulumi allows us to use familiar programming languages to define and manage cloud infrastructure, making it easier to automate and maintain our infrastructure as code.

Below is the Pulumi program written in TypeScript that creates a Cilium network policy:

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a new Kubernetes namespace to hold the policy and the workload it selects
const namespace = new k8s.core.v1.Namespace("example-namespace", {
    metadata: {
        name: "example-namespace",
    },
});

// Define the Cilium network policy. Pulumi has no typed class for this CRD, so a
// generic CustomResource is used; the CiliumNetworkPolicy CRD must already exist
// in the cluster (it is installed with Cilium).
const ciliumNetworkPolicy = new k8s.apiextensions.CustomResource("ciliumNetworkPolicy", {
    apiVersion: "cilium.io/v2",
    kind: "CiliumNetworkPolicy",
    metadata: {
        name: "allow-all",
        // Output from the Namespace resource; Pulumi resolves it and orders the
        // policy creation after the namespace exists
        namespace: namespace.metadata.name,
    },
    spec: {
        // Pods this policy applies to. Once selected, a pod only receives the
        // traffic this policy allows in each direction that has rules below.
        endpointSelector: {
            matchLabels: {
                "k8s-app": "example-app",
            },
        },
        // Allow incoming traffic only from pods carrying the same label
        ingress: [
            {
                fromEndpoints: [
                    {
                        matchLabels: {
                            "k8s-app": "example-app",
                        },
                    },
                ],
            },
        ],
        // Allow outgoing traffic only to pods carrying the same label
        egress: [
            {
                toEndpoints: [
                    {
                        matchLabels: {
                            "k8s-app": "example-app",
                        },
                    },
                ],
            },
        ],
    },
});

// Export the namespace and policy name as stack outputs
export const namespaceName = namespace.metadata.name;
export const policyName = ciliumNetworkPolicy.metadata.name;

Key Points

  • We create a Kubernetes namespace named example-namespace.
  • We define a Cilium network policy named allow-all within the example-namespace.
  • The policy allows traffic between pods with the label k8s-app=example-app for both ingress and egress. Because the selected pods now have rules in both directions, Cilium denies every other ingress and egress connection to them, including DNS lookups to kube-dns, unless a further rule allows it.
  • We use Pulumi’s CustomResource to define the Cilium network policy with the appropriate API version and kind.
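A CiliumNetworkPolicy that lists any egress rule puts the selected pods into egress default-deny, so a policy shaped like the one above also blocks their DNS lookups. As an added example (not code from this page, Pulumi or Cilium), the following plain TypeScript models the same policy without Pulumi imports so it can be built and linted offline; `buildAppPolicy`, `lintPolicy` and the kube-dns selector are assumptions of this example.

```typescript
// Added example (not code from the page, Pulumi or Cilium): a plain TypeScript
// model of a CiliumNetworkPolicy so the spec can be built and linted offline.
type Labels = Record<string, string>;
interface Selector { matchLabels: Labels }
interface PortRule { ports: { port: string; protocol: "TCP" | "UDP" | "ANY" }[] }
interface EgressRule { toEndpoints?: Selector[]; toPorts?: PortRule[] }
interface IngressRule { fromEndpoints?: Selector[] }
interface CiliumNetworkPolicy {
  apiVersion: "cilium.io/v2";
  kind: "CiliumNetworkPolicy";
  metadata: { name: string; namespace: string };
  spec: { endpointSelector: Selector; ingress?: IngressRule[]; egress?: EgressRule[] };
}

// kube-dns as Cilium identifies it (the namespace key is a label Cilium derives)
const KUBE_DNS: Selector = {
  matchLabels: { "k8s:io.kubernetes.pod.namespace": "kube-system", "k8s-app": "kube-dns" },
};

// Mirrors the page's policy: only same-label pods may talk to each other.
// Listing any egress rule puts the selected pods into egress default-deny, so
// allowDns=true adds the rule that keeps name resolution working.
function buildAppPolicy(name: string, ns: string, app: Labels, allowDns: boolean): CiliumNetworkPolicy {
  const egress: EgressRule[] = [{ toEndpoints: [{ matchLabels: app }] }];
  if (allowDns) {
    egress.push({ toEndpoints: [KUBE_DNS], toPorts: [{ ports: [{ port: "53", protocol: "ANY" }] }] });
  }
  return {
    apiVersion: "cilium.io/v2",
    kind: "CiliumNetworkPolicy",
    metadata: { name, namespace: ns },
    spec: { endpointSelector: { matchLabels: app }, ingress: [{ fromEndpoints: [{ matchLabels: app }] }], egress },
  };
}

// Lint before deploying: flag egress restriction without a DNS allowance, and an
// empty endpointSelector (which would apply the policy to every pod in the namespace).
function lintPolicy(p: CiliumNetworkPolicy): string[] {
  const findings: string[] = [];
  const egress = p.spec.egress || [];
  if (egress.length > 0) {
    const dnsAllowed = egress.some(r => (r.toPorts || []).some(pr => pr.ports.some(x => x.port === "53")));
    if (!dnsAllowed) findings.push(`${p.metadata.name}: egress is restricted but no rule allows DNS (port 53)`);
  }
  if (Object.keys(p.spec.endpointSelector.matchLabels).length === 0) {
    findings.push(`${p.metadata.name}: empty endpointSelector selects every pod in ${p.metadata.namespace}`);
  }
  return findings;
}
```

The object returned by `buildAppPolicy` can be passed as the `spec`, `metadata`, `apiVersion` and `kind` of a Pulumi `CustomResource` once it lints clean.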

Summary

In this guide, we created a Cilium network policy in a Kubernetes cluster using Pulumi. We defined a namespace and a network policy that allows traffic between pods with a specific label. Pulumi’s infrastructure as code approach makes it easy to automate and manage Kubernetes resources.
