How do I create Kubernetes Cilium network policies?
In this guide, we will create a Cilium network policy in a Kubernetes cluster using Pulumi. Cilium is a networking and security solution for Kubernetes that provides network connectivity and security policies. Network policies are used to control the traffic flow between pods in a Kubernetes cluster.
We will use Pulumi to define and deploy the Cilium network policy. Pulumi allows us to use familiar programming languages to define and manage cloud infrastructure, making it easier to automate and maintain our infrastructure as code.
Below is the Pulumi program written in TypeScript that creates a Cilium network policy:
  import * as pulumi from "@pulumi/pulumi";
  import * as k8s from "@pulumi/kubernetes";

  // Create a new Kubernetes namespace
  const namespace = new k8s.core.v1.Namespace("example-namespace", {
      metadata: {
          name: "example-namespace",
      },
  });

  // Define the Cilium network policy.
  // Note: despite its name, "allow-all" only permits traffic between pods
  // labelled k8s-app=example-app. Once a CiliumNetworkPolicy with ingress and
  // egress rules selects a pod, any other ingress or egress for that pod
  // (including DNS lookups to kube-dns) is denied unless a rule allows it.
  const ciliumNetworkPolicy = new k8s.apiextensions.CustomResource("ciliumNetworkPolicy", {
      apiVersion: "cilium.io/v2",
      kind: "CiliumNetworkPolicy",
      metadata: {
          name: "allow-all",
          namespace: namespace.metadata.name,
      },
      spec: {
          // Pods this policy applies to
          endpointSelector: {
              matchLabels: {
                  "k8s-app": "example-app",
              },
          },
          // Allowed sources of incoming traffic
          ingress: [
              {
                  fromEndpoints: [
                      {
                          matchLabels: {
                              "k8s-app": "example-app",
                          },
                      },
                  ],
              },
          ],
          // Allowed destinations of outgoing traffic
          egress: [
              {
                  toEndpoints: [
                      {
                          matchLabels: {
                              "k8s-app": "example-app",
                          },
                      },
                  ],
              },
          ],
      },
  });

  // Export the namespace and policy name
  export const namespaceName = namespace.metadata.name;
  export const policyName = ciliumNetworkPolicy.metadata.name;
Key Points
- We create a Kubernetes namespace named example-namespace.
- We define a Cilium network policy named allow-all within the example-namespace.
- The policy allows traffic between pods with the label k8s-app=example-app for both ingress and egress.
- We use Pulumi's CustomResource to define the Cilium network policy with the appropriate API version and kind.
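As an added example (not code from this page, nor from Pulumi or Cilium), the TypeScript below builds a tighter policy body than the one above, restricting ingress to named client labels on a single port and permitting egress only for DNS to kube-dns, and inspects what any policy body actually grants per direction. The helper names buildPolicy and inspectPolicy are assumptions for this example; the toPorts, rules.dns.matchPattern and k8s:io.kubernetes.pod.namespace fields are from Cilium's policy language, and the returned object is the shape a Pulumi k8s.apiextensions.CustomResource takes, so no Pulumi import is needed to run it.

```typescript
// Added example: least-privilege CiliumNetworkPolicy body as plain data,
// plus a checker that reports what a policy grants. Helper names are assumptions.
type Labels = Record<string, string>;
type Peer = { matchLabels?: Labels };          // {} matches every endpoint
type PortRule = { ports: { port: string; protocol: "TCP" | "UDP" }[];
                  rules?: { dns: { matchPattern: string }[] } };
type Rule = { fromEndpoints?: Peer[]; toEndpoints?: Peer[]; toPorts?: PortRule[] };
interface PolicyOpts {
  name: string; namespace: string;
  app: string;          // k8s-app label of the protected pods
  clients: string[];    // k8s-app labels allowed to reach the app
  port: number;         // TCP port the app listens on
  allowDns?: boolean;   // also permit UDP/53 to kube-dns in kube-system
}
function buildPolicy(o: PolicyOpts) {
  const ingress: Rule[] = [{
    fromEndpoints: o.clients.map(c => ({ matchLabels: { "k8s-app": c } })),
    toPorts: [{ ports: [{ port: String(o.port), protocol: "TCP" }] }],
  }];
  const egress: Rule[] = [];
  if (o.allowDns) {
    egress.push({
      // Cilium's kube-dns selector; the namespace is matched through its label.
      toEndpoints: [{ matchLabels: { "k8s:io.kubernetes.pod.namespace": "kube-system",
                                     "k8s-app": "kube-dns" } }],
      toPorts: [{ ports: [{ port: "53", protocol: "UDP" }],
                  rules: { dns: [{ matchPattern: "*" }] } }],
    });
  }
  return { apiVersion: "cilium.io/v2", kind: "CiliumNetworkPolicy",
           metadata: { name: o.name, namespace: o.namespace },
           spec: { endpointSelector: { matchLabels: { "k8s-app": o.app } }, ingress, egress } };
}
// Per direction: is it governed by this policy (rules present => default-deny for
// the selected pods), how many peer selectors are listed, and is any a wildcard {}?
function inspectPolicy(p: { spec: { ingress?: Rule[]; egress?: Rule[] } }) {
  const summarize = (rules: Rule[] | undefined, key: "fromEndpoints" | "toEndpoints") => {
    if (!rules) return { governed: false, peers: 0, wildcard: false };
    const peers: Peer[] = [];
    for (const r of rules) peers.push(...(r[key] || []));
    return { governed: true, peers: peers.length,
             wildcard: peers.some(s => Object.keys(s.matchLabels || {}).length === 0) };
  };
  return { ingress: summarize(p.spec.ingress, "fromEndpoints"),
           egress: summarize(p.spec.egress, "toEndpoints") };
}
```

Running inspectPolicy over the page's allow-all policy shows one non-wildcard peer in each direction, i.e. the name overstates what it permits.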
Summary
In this guide, we created a Cilium network policy in a Kubernetes cluster using Pulumi. We defined a namespace and a network policy that allows traffic between pods with a specific label. Pulumi’s infrastructure as code approach makes it easy to automate and manage Kubernetes resources.