File: articles/aks/use-network-policies.md
Lines changed: 6 additions & 7 deletions
@@ -34,7 +34,7 @@ Azure provides two ways to implement network policy. You choose a network policy
34
34
35
35
To enforce the specified policies, Azure Network Policy Manager for Linux uses Linux *IPTables*. Azure Network Policy Manager for Windows uses *Host Network Service (HNS) ACLPolicies*. Policies are translated into sets of allowed and disallowed IP pairs. These pairs are then programmed as `IPTable` or `HNS ACLPolicy` filter rules.
36
36
37
-
## Compare Azure Network Policy Manager and Calico network policy
37
+
## Differences between Azure Network Policy Manager and Calico network policy and their capabilities
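Review bot: The new heading on the `+` line chains two "and"s ("... and Calico network policy and their capabilities"), which makes it harder to scan than the one it replaces; a shorter form such as "Compare Azure Network Policy Manager and Calico capabilities" keeps the added meaning. Renaming the heading also changes its generated anchor, so any links that target the old heading need updating in the same change.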
@@ -74,10 +74,9 @@ To see network policies in action, you create an AKS cluster that supports netwo
74
74
75
75
To use Azure Network Policy Manager, you must use the [Azure CNI plug-in][azure-cni]. Calico network policy could be used with either this same Azure CNI plug-in or with the Kubernetes CNI plug-in.
76
76
77
-
The following example script:
77
+
The following example script creates an AKS cluster with system-assigned identity and enables network policy by using Azure Network Policy Manager.
78
78
79
-
- Creates an AKS cluster with system-assigned identity and enables network policy by using Azure Network Policy Manager.
80
-
- To use Calico as the network policy option instead, use the `--network-policy calico` parameter. Calico could be used with either `--network-plugin azure` or `--network-plugin kubenet`.
79
+
To use Calico as the network policy option instead, use the `--network-policy calico` parameter. Calico could be used with either `--network-plugin azure` or `--network-plugin kubenet`.
81
80
82
81
Instead of using a system-assigned identity, you can also use a user-assigned identity. For more information, see [Use managed identities](use-managed-identity.md).
83
82
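Review bot: The Calico sentence promoted out of the list (the second `+` line) keeps "could be used", which reads as hypothetical; "can be used" states the supported combinations plainly. The unchanged line at the top of the hunk has the same wording and calls the second option "the Kubernetes CNI plug-in", while the flag value here is `kubenet`; using one name in both places avoids the reader wondering whether these are different plug-ins.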
@@ -95,7 +94,7 @@ $LOCATION=canadaeast
95
94
96
95
Create the AKS cluster and specify `azure` for the `network-plugin` and `network-policy`.
Create a username to use as administrator credentials for your Windows Server containers on your cluster. The following command prompts you for a username. Set it to `$WINDOWS_USERNAME`. Remember that the commands in this article are entered into a BASH shell.
163
+
Create a username to use as administrator credentials for your Windows Server containers on your cluster. The following command prompts you for a username. Set it to `$WINDOWS_USERNAME`. Remember that the commands in this article are entered into a Bash shell.
165
164
166
165
```azurecli-interactive
167
166
echo "Please enter the username to use as administrator credentials for Windows Server containers on your cluster: " && read WINDOWS_USERNAME
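Review bot: The changed sentence tells the reader the commands are entered into a Bash shell, but the context in this hunk's `@@` header shows `$LOCATION=canadaeast`, which is not a Bash assignment: Bash expands `$LOCATION` first and then tries to run the result as a command. Since this commit is already tidying the Bash wording, consider changing that line to `LOCATION=canadaeast` so the snippet works in the shell the text names.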
@@ -201,7 +200,7 @@ If you plan on adding Windows node pools to your cluster, include the `windows-a
201
200
>
202
201
> For clusters with only Linux node pools running Kubernetes 1.20 with earlier versions of Calico, the Calico version automatically upgrades to 3.17.2.
203
202
204
-
Create a username to use as administrator credentials for your Windows Server containers on your cluster. The following command prompts you for a username. Set it to `$WINDOWS_USERNAME`. Remember that the commands in this article are entered into a BASH shell.
203
+
Create a username to use as administrator credentials for your Windows Server containers on your cluster. The following command prompts you for a username. Set it to `$WINDOWS_USERNAME`. Remember that the commands in this article are entered into a Bash shell.
205
204
206
205
```azurecli-interactive
207
206
echo "Please enter the username to use as administrator credentials for Windows Server containers on your cluster: " && read WINDOWS_USERNAME
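Review bot: In the `+` line, "Set it to `$WINDOWS_USERNAME`" reads as an instruction to the user, yet the `read WINDOWS_USERNAME` in the context line below already stores the input; wording such as "The command stores it in the `WINDOWS_USERNAME` variable" would match what the snippet does. The same paragraph is edited identically in the earlier hunk, so the two copies have to be kept in sync by hand; a shared include would avoid that. Using `read -r` in the snippet would also stop backslashes in the input from being interpreted.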