K8s Policies

Kubernetes network policies specify how groups of pods are allowed to communicate with each other and other network endpoints. Each policy is represented as an instance of the K8s resource NetworkPolicy. A policy uses labels to select a grouping of pods and specifies a list of rules that determine which traffic is allowed to and from the selected pods. Contivpp.io implements the Kubernetes Network API, including egress policies and IP blocks.

K8s Services

A Service is a Kubernetes abstraction that provides a convenient single entry point of access to a group of pods. In other words, a service can be thought of as a dynamic load balancer for a set of pods (and the containers living inside them), automatically managed by the K8s framework itself. The set of pods targeted by a Service is (usually) determined by a Label Selector. Contivpp.io supports the mapping of K8s services to the VPP dataplane.

Networking

This section describes the network operation of the Contivpp.io K8s network plugin. It covers the operation and configuration options of the Contivpp.io IPAM, and details how VPP is programmed by the Contivpp.io control plane.

Packetflow

Based on K8s policies and services, along with reachability requirements, Contivpp will “wire up” the network. Once this is done, payloads travel between pods along a number of different paths, depending on the topology. For the most part, these diverse paths generate different packet flows.
