• Introduction
  • Problem statement
  • Kubernetes Network Policy
  • Proposed solution
  • Representing Kubernetes Network Policy as Contrail FW Security Policy:
  • Naming Convention
  • Contrail Firewall Policy
  • Contrail Firewall Rule
  • Illustration: 1
  • Sample Kubernetes Network Policy
  • Sample Contrail FW Policy
  • Address Groups
  • Firewall Rules
  • Illustration: 2
  • Default allow all ingress traffic
  • Illustration: 3
  • Default deny all ingress traffic.
  • Illustration: 4
  • Default allow all egress traffic.
  • Illustration: 5
  • Default deny all egress traffic.
  • Illustration: 6
  • Default deny all ingress and egress traffic.
  • Cluster-wide Action Enforcement
  • Implementation
  • Limitation / Errata
  • Troubleshooting
  • Network Policy created in Kubernetes
  • Validate that network policy is successfully created in Kubernetes.
  • Validate that network policy has the intended spec.
  • Contrail kube-manager is notified of Network Policy create
  • Contrail kube-manager creates Contrail config objects.
  • Data path is programmed
  • References
  • FAQ