Commit 6d4852c

Update README.md (#29)
1 parent 30b852a commit 6d4852c

1 file changed

+5
-6
lines changed

README.md

Lines changed: 5 additions & 6 deletions
@@ -1,15 +1,14 @@
11
## Amazon Network Policy Controller for Kubernetes
22

3-
Kubernetes controller for NetworkPolicy resources for the [Amazon VPC CNI](https://github.com/aws/amazon-vpc-cni-k8s/).
3+
Controller for Kubernetes NetworkPolicy resources.
44

5-
This controller resolves the pod addresses for the configured network policies and publishes them via the CustomResourceDefinition `policyendpoints.networking.k8s.aws` for the VPC CNI node agent to consume.
6-
7-
📝 EKS Customers do not need to install this controller. Review the instructions in the [EKS User Guide](https://docs.aws.amazon.com/eks/latest/userguide/cni-network-policy.html). EKS installs and manages it automatically. This controller is for self managed clusters, such as [kops](https://kops.sigs.k8s.io) clusters.
5+
Network Policy Controller resolves the configured network policies and publishes the resolved endpoints via Custom CRD (`PolicyEndpoints`) resource.
86

97
## Getting Started
108

11-
The controller image is published to AWS ECR.
12-
The directory `config/default` contains a default configuration for deploying the controller.
9+
When you create a new Amazon EKS cluster, the network policy controller is automatically installed on the EKS control plane. It actively monitors the creation of network policies within your cluster and reconciles policy endpoints. Subsequently, the controller instructs the node agent to create or update eBPF programs on the node by publishing pod information through the policy endpoints. Network policy controller configures policies for pods in parallel to pod provisioning, until then new pods will come up with default allow policy. All ingress and egress traffic is allowed to and from the new pods until they are reconciled against the existing policies. To effectively manage network policies on self-managed Kubernetes clusters, you need to deploy a network policy controller on a node.
10+
11+
Stay tuned for additional instructions for installing Network Policy Controller on nodes. The controller image is published to AWS ECR.
1312

1413
The controller does not require any IAM policies. It does not make AWS API calls.
1514
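Review bot: In the new Getting Started paragraph (added line 9), the statement that new pods come up with a default allow policy, with all ingress and egress traffic allowed until they are reconciled, is the security-relevant behaviour of this controller, yet it sits mid-paragraph in a run-on sentence ("...in parallel to pod provisioning, until then new pods will come up with default allow policy"). Suggest giving it its own short paragraph or note and rewording it, for example "Policies are applied in parallel with pod provisioning; until a new pod is reconciled against the existing policies, it runs with a default allow policy." The same hunk removes the pointer to `config/default` and the EKS User Guide link while telling self-managed users they need to deploy the controller, which leaves "Stay tuned" as the only install guidance; consider keeping the `config/default` line until the new instructions exist. In added line 5, "Custom CRD" is redundant, and the fully qualified name `policyendpoints.networking.k8s.aws` from the removed text is more useful to someone looking for the resource in a cluster than `PolicyEndpoints` alone.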

0 commit comments
