Azure CNI
Versions Supported
- 1.4.x
Make sure to use Azure CNI with the Windows Operating System as the kubenet CNI is not available for the Windows environment.
Azure CNI Policy Support
Network Policy is a Kubernetes specification that defines access policies for communication between pods. By default, Azure AKS cluster pods can send and receive traffic without limitations. However, to ensure security, rules to control traffic flow can be defined. Network Policies define an ordered set of rules to send and receive traffic and applies them to a collection of pods that match one or more label selectors. Palette supports Network Policies to be included as part of a wider manifest that also creates a deployment or service. Palette leverages two Network Policies from Azure CNI:
-
azure: Azure's own implementation, called Azure Network Policy.
-
calico: An open-source network and network security solution developed by Tigera.
-
none: No network policy is applied. Use this option if you do not want to apply any network policy.
Update the pack YAML's networkPolicy field to apply the desired network policy. The default value is calico.
pack:
networkPolicy: "none"
If you are comparing Azure Network Policy with other Network Policy engines, refer to the Differences between Network Policy engines: Cilium, Azure NPM, and Calico.
Terraform
Use the following Terraform snippet to reference the Azure CNI pack in your Terraform template. Update the version number as needed.
data "spectrocloud_registry" "public_registry" {
name = "Public Repo"
}
data "spectrocloud_pack_simple" "calico" {
name = "cni-azure"
version = "1.4.0"
type = "helm"
registry_uid = data.spectrocloud_registry.public_registry.id
}