Project Calico
United States
Joined 22 Apr 2015
Brought to you by Tigera, the creator of Calico Open Source. Tigera also provides commercial solutions, Calico Cloud and Calico Enterprise, which build on Calico Open Source to provide additional security and observability capabilities for containers and Kubernetes.
Project Calico is an open-source project with an active development and user community. Calico Open Source was born out of this project and has grown to be the most widely adopted solution for container networking and security, powering 8M+ nodes daily across 166 countries.
Free and open source, Calico Open Source is designed to simplify, scale, and secure container and Kubernetes networks. Invented and maintained by Tigera.
🎥 Namespace Isolation Policy 🎥
Welcome to the third video in our Calico network policy introduction series. In this lesson, we explore the namespace isolation policy for default-deny behavior.
📺 Video: Namespace Isolation Policy
🔑 Key Highlights:
Understanding namespace isolation policies.
Configuring namespace-scoped policies to permit internal traffic.
Using selectors for targeted policy enforcement.
Practical demonstration of permitting DNS traffic and denying unauthorized external communications.
📜 Chapters:
0:00 Introduction to Namespace Isolation Policy
0:15 Configuring the Namespace Isolation Policy
1:00 Using Namespace Selectors
1:45 Permitting Internal Traffic and DNS
2:30 Practical Example: Traffic Flows in a Demo Environment
4:00 Viewing Flow Logs and Denied Traffic
🎓 What You'll Learn:
How to configure and apply namespace isolation policies using Calico.
Use of namespace selectors for precise policy targeting.
Practical insights into permitting internal namespace traffic and specific external communications.
Understanding flow logs to troubleshoot and manage network policies.
Enhance your policy management skills and ensure robust network security in your Kubernetes environment with our comprehensive video.
#ContainerSecurity #Calico #NetworkSecurity #Kubernetes #PolicyManagement
Videos
🎥 Denial List Policy
Welcome to the second video in our Calico network policy introduction series. In this lesson, we dive into the first policy example: the denial list policy. 📺 Video: Denial List Policy 🔑 Key Highlights: Understanding and configuring denial list policies. Using namespace selectors to apply policies. Leveraging network sets with global scope for comprehensive policy management. Practical demonstr...
Introduction to Network Policies 🎥
Welcome to our series on Calico network policy introduction. In this first video, we cover the basics of Kubernetes and container networking and dive into the anatomy of Calico policies. 📺 Video: Introduction to Network Policies 🔑 Key Highlights: Introduction to Kubernetes networking model and the need for network policies. Understanding the structure and constructs of Calico policies. Explorin...
Identifying Policies Denying Traffic 🎥
Welcome to the next video in our policy management series using the Calico Policies Board. In this video, we focus on identifying policies that deny traffic and understanding the reasons behind them. 📺 Video: Identifying Policies Denying Traffic 🔑 Key Highlights: How to spot policies denying traffic. Understanding reasons for traffic denial, including unaccounted flows and potential malicious b...
Policy Metrics and Analysis 🎥
Welcome to our next lesson on policy metrics with Calico Cloud and Calico Enterprise. In this video, we explore how to analyze policy metrics and understand the behavior of your network policies. 📺 Video: Policy Metrics and Analysis 🔑 Key Highlights: Metrics on allowed and denied bytes per second. Recognizing and troubleshooting network policies. Analyzing specific policies for inbound and egre...
🎥 Identify Endpoints Scoped in a Policy
Mastering Policy Management with Calico UI 📺 In this video, we dive deep into policy management using the Calico Cloud and Calico Enterprise. Learn how to identify endpoints selected in a policy and understand the various selectors you can use. 🔑 Key Highlights: Define network policies and scope endpoints with a range of selectors. Understand how to identify and troubleshoot inactive policies. ...
Calico Community Meeting February 2024
Calico Community Meeting December 2023
Calico Community Meeting November 2023
Calico Community Meeting September 2023
IPv6 for Calico eBPF - How We Got There
Scaling Calico: Design, History, and Best Practices | Technical Deep Dive
Calico Multi-Cluster Connectivity: Service Discovery and Federation | Rui De Abreu
Implementing Calico BGP for Enhanced Multi-Cluster Connectivity
Introduction to BGP and Multi-Cluster Connectivity
Advancing Network Debugging and Policy Customization with Calico eBPF
Optimizing Network Performance in Kubernetes with eBPF: Beyond IP Tables
Implementing Calico BGP for Enhanced Multi-Cluster Connectivity across Cloud Environments
I am a full stack developer and at the beginning I couldn't grasp any of all this devops thing, I couldn't understand deeply in detail what docker, k8s, jenkins, iac and all that stuff was until I realised these aren't technologies about developing but networking, so I started to study networking fundamentals and suddenly all makes sense. Devops is all about networking! I wish somebody would have told me that before, I mean, I am a programmer, I am all the day thinking about patterns, features and bugs, nothing to do with devops.
Thanks, I'm looking to achieve completely isolated namespaces so that if someone gains access to a pod, they can only see pods within the same namespace. I've already tried implementing network policies, but they didn't provide sufficient isolation (with arp-scan I can see all IPs). Could you please share any additional suggestions or best practices for achieving this level of namespace isolation effectively? Thank you for your help!
If you head over to Project Calico's documentation website, there are examples of how to implement a default deny. You could also implement host endpoint policies to secure both namespace and non-namespaced resources within your cluster and establish full isolation.
Very well explained underlying details this is the way I am looking for it 👍
Gooooddddddddddddaaaaa
Nicely explained.
'promo sm' 😕
The data/control planes can be outside a Kubernetes cluster?
Speaking broadly, generally as long as the control plane is reachable from the data plane it will work - however depending on the exact technologies bandwidth/latency/reliability considerations are important. Come and chat with us at slack.projectcalico.org/ if you have a particular case in mind!
Sounds good! 💙