Network Policy Controller in Weave Net
Blocking unwanted network traffic in Kubernetes
Describing the design and function of Weave Network Policy Controller, which uses iptables and ipsets to govern which Linux containers can talk to which other containers, under control of Kubernetes. The code is all written in Go, and available on GitHub under Apache Licence.
Kubernetes Network Policy is an abstract specification that defines which connections are allowed within a Kubernetes cluster. Weave Network Policy Controller (weave-npc) is an implementation of this specification in Go, under the Apache Licence. This talk will describe the design of weave-npc: how it was built from existing components in Linux, Kubernetes and the wider Go ecosystem, how it integrates with the Linux network stack, and how it can be used to tighten security on a typical Cloud application.