
    Network Policies

    Starting from v3.0.0, users can configure native Kubernetes network policies in Kube AI Hub. Network Policies are an application-centric construct that lets you specify how a Pod is allowed to communicate with various network entities over the network. With network policies, users can achieve network isolation within the same cluster, which means firewalls can be set up between certain instances (Pods).

    Note

    • Please make sure that the CNI network plugin used by the cluster supports Network Policies before you enable the feature. There are a number of CNI network plugins that support Network Policies, including Calico, Cilium, Kube-router, Romana, and Weave Net.
    • It is recommended that you use Calico as the CNI plugin before you enable Network Policies.

    For more information, see Network Policies.
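
To make the isolation described above concrete, here is an added example (not taken from the Kube AI Hub documentation) of native Kubernetes NetworkPolicy objects: a default-deny rule for a namespace, then a rule that lets only frontend Pods reach database Pods. The namespace `demo-project`, the labels `app: frontend` and `app: db`, and port 3306 are assumptions chosen for illustration.

```yaml
# Constructed example: namespace, labels and port are assumptions.
# 1) Default deny: selects every Pod in the namespace and lists no
#    ingress rules, so all inbound traffic to those Pods is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: demo-project
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# 2) Allow-list for the database Pods: inbound only from frontend Pods
#    in the same namespace on TCP 3306, outbound only to cluster DNS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-allow-frontend-only
  namespace: demo-project
spec:
  podSelector:
    matchLabels:
      app: db
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 3306
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              # Label set automatically on namespaces by Kubernetes 1.21+.
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Policies are additive: a connection is allowed if any policy selecting the Pod permits it, so the default-deny rule only takes effect where no allow rule matches. On a CNI plugin that does not implement Network Policies, the API server still accepts these objects but nothing enforces them, which is why the plugin check in the note above matters.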

    Enable the Network Policy Before Installation

    Installing on Linux

    When you implement multi-node installation of Kube AI Hub on Linux, you need to create a configuration file, which lists all Kube AI Hub components.

    1. In the tutorial of Installing Kube AI Hub on Linux, you create a default file config-sample.yaml. Modify the file by executing the following command:

      vi config-sample.yaml
      

      Note

      If you adopt All-in-One Installation, you do not need to create a config-sample.yaml file as you can create a cluster directly. Generally, the all-in-one mode is for users who are new to Kube AI Hub and want to get familiar with the system. If you want to enable the Network Policy in this mode (for example, for testing purposes), refer to the following section to see how the Network Policy can be enabled after installation.
    2. In this file, navigate to network.networkpolicy and change false to true for enabled. Save the file after you finish.

      network:
        networkpolicy:
          enabled: true # Change "false" to "true".
      
    3. Create a cluster using the configuration file:

      ./kk create cluster -f config-sample.yaml
      

    Installing on Kubernetes

    When you install Kube AI Hub on Kubernetes, you can enable the Network Policy first in the cluster-configuration.yaml file.

    1. Download the file cluster-configuration.yaml and edit it.

      vi cluster-configuration.yaml
      
    2. In this local cluster-configuration.yaml file, navigate to network.networkpolicy and enable it by changing false to true for enabled. Save the file after you finish.

      network:
        networkpolicy:
          enabled: true # Change "false" to "true".
      
    3. Execute the following commands to start installation:

      kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.4.1/kubesphere-installer.yaml
      
      kubectl apply -f cluster-configuration.yaml
      

    Enable the Network Policy After Installation

    1. Log in to the console as admin. Click Platform in the upper-left corner and select Cluster Management.

    2. Click CRDs and enter clusterconfiguration in the search bar. Click the result to view its detail page.

      Info

      A Custom Resource Definition (CRD) allows users to create a new type of resources without adding another API server. They can use these resources like any other native Kubernetes objects.
    3. In Custom Resources, click on the right of ks-installer and select Edit YAML.

    4. In this YAML file, navigate to network.networkpolicy and change false to true for enabled. After you finish, click OK in the lower-right corner to save the configuration.

      network:
        networkpolicy:
          enabled: true # Change "false" to "true".
      
    5. You can use the web kubectl to check the installation process by executing the following command:

      kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l 'app in (ks-install, ks-installer)' -o jsonpath='{.items[0].metadata.name}') -f
      

      Note

      You can find the web kubectl tool by clicking in the lower-right corner of the console.

    Verify the Installation of the Component

    If you can see the Network Policies module in Network, the installation is successful, because this module is not displayed until the component is installed.