Skip to content

Instantly share code, notes, and snippets.

@albertocavalcante

albertocavalcante/calico-netpol-kubernetes.md

Created July 31, 2023 03:55
Show Gist options
  • Save albertocavalcante/fd0c9ff5bb526871908e50232e701219 to your computer and use it in GitHub Desktop.
Save albertocavalcante/fd0c9ff5bb526871908e50232e701219 to your computer and use it in GitHub Desktop.
Download ZIP
Kubernetes Calico NetworkPolicy: Understanding Selectors with Examples
Raw
calico-netpol-kubernetes.md

Understanding Calico Selectors in Kubernetes

In Kubernetes, managing network policies is essential for controlling communication between pods. Calico is a popular open-source tool that offers a powerful and flexible way to create network policies, using selectors to define exactly what traffic is allowed or denied. This blog post will explain how these selectors work, using easy-to-understand examples.

Selector Basics

A Calico selector is like a set of rules that define what kind of pods are matched. Think of it like picking out toys from a toy box based on specific features like color, shape, or size.

Equality

  • ==: Matches if the value is equal to. Example: color == 'red' matches pods with a red color label.
  • !=: Matches if the value is not equal to. Example: color != 'red' matches pods without a red color label.

Combining Selectors with Logical Functions

You can combine multiple conditions using logical functions:

all(): All conditions must be true

Example:

selector: all(color == 'red', shape == 'star')

This matches pods that are both red and have a star shape.

any(): At least one condition must be true

Example:

selector: any(color == 'red', shape == 'star')

This matches pods that are either red or have a star shape, or both.

not(): The condition must not be true

Example:

selector: not(color == 'red')

This matches pods that are not red.

Combining Selectors with Logical Operators

You can also use logical operators like && (AND) and || (OR) to combine conditions:

Using && (AND)

This operator combines multiple conditions, and all of them must be true.

Example:

selector: color == 'red' && shape == 'star'

Using || (OR)

This operator combines conditions, and only one of them must be true.

Example:

selector: color == 'red' || shape == 'star'

Combining Both

You can use both && and || together:

Example:

selector: (color == 'red' && size == 'small') || shape == 'star'

Conclusion

Calico's selectors offer a powerful way to define network policies in Kubernetes. By understanding how to use these selectors, you can create precise rules that match exactly the pods you want to target. Whether you're defining simple policies or complex ones, selectors make it easy to describe exactly what you want.

Feel free to play around with these concepts and create your own selectors that fit your specific needs!

@albertocavalcante
Copy link
Author

albertocavalcante commented Jul 31, 2023
edited
Loading

ChatGPT suggested me the below prompt to use and get all of the above in a single shot:

Can you please provide a detailed explanation and guide about using Calico selectors in Kubernetes? I would like you to cover the following:

  • Basics of Selectors: Explain the basic comparison operators like == and !=, with examples.
    Combining Selectors with Logical Functions: Include details about using all(), any(), and not() functions, along with examples to illustrate how they work.

  • Using Logical Operators like && and ||: Show how to combine selectors using the logical operators AND and OR, including complex combinations with examples.

  • Conclusion: Summarize the key points, highlighting the importance and use cases of Calico selectors.

Please provide the entire explanation in Markdown format, including code examples in YAML, so I can easily add it to my GitHub Gist.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment