Azure NPM implementation works in conjunction with the Azure CNI that provides VNet integration for containers. NPM is supported only on Linux today. The implementation enforces traffic filtering by configuring allow and deny IP rules in Linux IPTables based on the defined policies. These rules are grouped together using Linux IPSets.
29
+
Azure NPM implementation works with the Azure CNI that provides VNet integration for containers. NPM is supported only on Linux today. The implementation enforces traffic filtering by configuring allow and deny IP rules in Linux IPTables based on the defined policies. These rules are grouped together using Linux IPSets.
30
30
31
31
## Planning security for your Kubernetes cluster
32
32
When implementing security for your cluster, use network security groups (NSGs) to filter traffic entering and leaving your cluster subnet (North-South traffic). Use Azure NPM for traffic between pods in your cluster (East-West traffic).
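Review bot: the last sentence of the rewritten paragraph, "These rules are grouped together using Linux IPSets", is imprecise and was carried over unchanged. An ipset groups addresses that a rule then matches against, which is also how the debugging list later in this file describes it ("the human-friendly name of an ipset in a given IPTables rule"). Suggest wording along the lines of "The rules match against Linux IPSets that group the relevant pod IPs." While this line is being touched, the opening "Azure NPM implementation works with the Azure CNI" is missing its article, and "supported only on Linux today" uses a time-relative word that will go stale.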
@@ -75,8 +75,8 @@ See a [configuration for these alerts](#set-up-alerts-for-alertmanager) below.
75
75
76
76
##### Visualizations and Debugging via our Grafana Dashboard or Azure Monitor Workbook
77
77
1. See how many IPTables rules your policies create (having a massive amount of IPTables rules may increase latency slightly).
78
-
2. Correlate cluster counts (e.g. ACLs) to execution times.
79
-
3. Get the human-friendly name of an ipset in a given IPTables rule (e.g. "azure-npm-487392" represents "podlabel-role:database").
78
+
2. Correlate cluster counts (for example, ACLs) to execution times.
79
+
3. Get the human-friendly name of an ipset in a given IPTables rule (for example, "azure-npm-487392" represents "podlabel-role:database").
80
80
81
81
### All supported metrics
82
82
The following is the list of supported metrics. Any `quantile` label has possible values `0.5`, `0.9`, and `0.99`. Any `had_error` label has possible values `false` and `true`, representing whether the operation succeeded or failed.
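Review bot: in item 3 the example values "azure-npm-487392" and "podlabel-role:database" are still in plain quotation marks, while the paragraph below formats literal values such as `quantile` and `0.5` as code. Suggest code formatting for both so readers can tell they are literal ipset and label names. Item 1, left as context, has "a massive amount of IPTables rules"; "a large number of IPTables rules" would fit the same wording cleanup as the "e.g." replacement.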
@@ -137,7 +137,7 @@ The dashboard has visuals similar to the Azure Workbook. You can add panels to c
137
137
### Set up for Prometheus Server
138
138
Some users may choose to collect metrics with a Prometheus Server instead of Azure Monitor for containers. You merely need to add two jobs to your scrape config to collect NPM metrics.
139
139
140
-
To install a simple Prometheus Server, add this helm repo on your cluster
140
+
To install a Prometheus Server, add this helm repo on your cluster
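Review bot: the changed line "To install a Prometheus Server, add this helm repo on your cluster" ends with no punctuation even though it introduces what follows, and "helm" should be capitalized as the product name. Suggest "To install a Prometheus Server, add this Helm repo on your cluster:". The change drops "simple", but the sentence two lines up still says "You merely need to add two jobs", which is the same kind of minimizing word; "Add two jobs to your scrape config to collect NPM metrics" would be consistent.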
@@ -198,7 +198,7 @@ You can also replace the `azure-npm-node-metrics` job with the content below or
198
198
```
199
199
200
200
#### Set up Alerts for AlertManager
201
-
If you use a Prometheus Server, you can set up an AlertManager like so. Here is an example config for [the two alerting rules described above](#alerts-via-a-prometheus-alertmanager):
201
+
If you use a Prometheus Server, you can set up an AlertManager like so. Here's an example config for [the two alerting rules described above](#alerts-via-a-prometheus-alertmanager):
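Review bot: the changed line still reads "you can set up an AlertManager like so. Here's an example config", where "like so" has nothing to point at and the second sentence repeats the first. Suggest merging them, for example "If you use a Prometheus Server, you can set up alerting with the following example config for the two alerting rules described above:". The product name is spelled "Alertmanager" by the Prometheus project, so both this line and the heading "Set up Alerts for AlertManager" could be corrected in the same pass, keeping the heading's anchor intact for the existing `#set-up-alerts-for-alertmanager` link.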