Slide 14
@andrew_randall @iaguis @kinvolkio
Extensions to Network Policy
❏ Global (cluster-wide) policy
❏ Application layer policy (http/grpc rules)
❏ Host policy
❏ More selectors (service accounts)
❏ More protocols (e.g. ICMP)
❏ Allow or deny (+ ordering)
❏ Network Sets (defined set of CIDRs)
❏ Packet handling (e.g. disable conntrack)

❏ Cluster-wide policy
❏ L7 policy (http, grpc, kafka, memcached, cassandra, extendable via Go extensions)
❏ Host policy
❏ More selectors (Service, Entity, DNS, cloud metadata)
❏ More protocols (e.g. ICMP)
❏ SSL termination / cert injection
❏ DDoS protection via denylist (ingress)
❏ Deny rules (beta)
❏ Packet handling (e.g. disable conntrack)

+ all the product-specific features (e.g. for monitoring/troubleshooting) — this is not an exhaustive comparison of these projects!