
netbird-sidecar's Introduction

Automatically Inject Netbird with Kyverno ClusterPolicy

This guide details how to automatically inject Netbird as a sidecar container into deployments using a Kyverno cluster policy. Kyverno runs as an admission controller, evaluating Kubernetes resources against its policies before they are admitted into the cluster.

Optional Local Network Route Fix

An init container can optionally be included to fix local network routes and ensure traffic is routed through the exit node.

Prerequisites

  • A Kubernetes cluster (Amazon EKS was used in this example)

Steps

  1. Install Kyverno

    helm repo add kyverno https://kyverno.github.io/kyverno/
    helm repo update
    helm install kyverno --namespace kyverno kyverno/kyverno --create-namespace

  2. Create Netbird Configuration Secret

    Create a Kubernetes secret named netbird in the default namespace to store Netbird configuration details. Replace the placeholder with your actual setup key:

    kubectl create secret generic netbird -n default \
        --from-literal=NB_SETUP_KEY='your_netbird_setup_key' \
        --from-literal=EXTRA_SUBNETS='192.168.0.0/16,172.20.0.0/16'  # Optional comma-separated extra subnets

  3. Create ConfigMap Script (Optional)

    If you want to fix local network routes and route traffic through the exit node during initialization, create a ConfigMap named netbird-init in the default namespace from your init script, nb-init.sh:

    kubectl create configmap netbird-init -n default --from-file=nb-init.sh

  4. Create Kyverno ClusterPolicy

    Apply the kyverno-clusterpolicy.yaml file containing the Kyverno policy definition. This policy looks for deployments with the annotation netbird.io/inject: "true" and automatically injects the Netbird sidecar container.

    kubectl apply -f kyverno-clusterpolicy.yaml

  5. Test with Deployment Example

    Apply the example deployment.yaml, which carries the netbird.io/inject: "true" annotation, to the default namespace. Kyverno will automatically inject the Netbird container during deployment.

    kubectl apply -f deployment.yaml -n default
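
A minimal sketch of the kind of mutate policy step 4 describes, added here as an illustration; it is not the repository's kyverno-clusterpolicy.yaml. The policy and rule names, the netbirdio/netbird image tag, the NET_ADMIN capability and the restriction to the default namespace are assumptions.

```yaml
# Added sketch, not the project's own policy file.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: inject-netbird-sidecar            # hypothetical name
spec:
  rules:
    - name: inject-netbird                # hypothetical name
      match:
        any:
          - resources:
              kinds:
                - Deployment
              # Assumption: limit injection to the namespace that holds
              # the netbird Secret; Secret references are namespace-local.
              namespaces:
                - default
              # Matches the annotation on the Deployment's own metadata.
              annotations:
                netbird.io/inject: "true"
      mutate:
        # Containers are merged by name, so the application's own
        # containers are kept and "netbird" is added next to them.
        patchStrategicMerge:
          spec:
            template:
              spec:
                containers:
                  - name: netbird
                    # Assumption: public client image; pin a version or
                    # digest instead of "latest" in real use.
                    image: netbirdio/netbird:latest
                    # Exposes NB_SETUP_KEY and EXTRA_SUBNETS from step 2.
                    envFrom:
                      - secretRef:
                          name: netbird
                    securityContext:
                      capabilities:
                        add:
                          - NET_ADMIN     # assumption: needed to manage the tunnel interface
```

With a policy of this shape, anyone allowed to create an annotated Deployment in the matched namespace obtains a pod that holds the setup key and an added network capability, so RBAC on Deployments and on the netbird Secret in that namespace is part of the trust boundary. Running `kubectl get deployment <name> -n default -o jsonpath='{.spec.template.spec.containers[*].name}'` after step 5 shows whether the sidecar was added.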

This process automates Netbird injection for deployments marked for the sidecar container, streamlining your configuration management and ensuring consistent network management with Netbird.

Contributors: pablomfc
