Update kubernetes-operator helm and generated policies docs (#310)

M. Essam
2025-04-24 20:47:15 +02:00
committed by GitHub
parent 0bb6339f29
commit e98d360f46

@@ -16,13 +16,10 @@ seamlessly access your Kubernetes services and control plane from your NetBird n
- Access to a Kubernetes v1.11.3+ cluster.
- (Recommended) Cert Manager.
### Installation
You have two methods of installing the NetBird Kubernetes operator: using Helm or the install.yaml file.
#### Using Helm
1. Add helm repository.
```shell
helm repo add netbirdio https://netbirdio.github.io/kubernetes-operator
helm repo add netbirdio https://netbirdio.github.io/helms
```
2. (Recommended) Install [cert-manager](https://cert-manager.io/docs/installation/#default-static-install) for k8s API to communicate with the NetBird operator.
```shell
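Review bot: Step 1 shows two `helm repo add netbirdio` lines that point the same alias at different URLs (`https://netbirdio.github.io/kubernetes-operator` and `https://netbirdio.github.io/helms`), with no guidance for readers who registered the alias from the earlier instructions. Current Helm 3 releases refuse to re-add an existing repository name with a different URL unless `--force-update` is passed, so a one-line migration note would help: either `helm repo add --force-update netbirdio https://netbirdio.github.io/helms` or `helm repo remove netbirdio` first, followed by `helm repo update`.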
@@ -77,16 +74,6 @@ The configuration or version update of the operator can be done with `helm upgra
helm upgrade --create-namespace -f values.yaml -n netbird netbird-operator netbirdio/kubernetes-operator
```
#### Using install.yaml
<Note>
install.yaml only includes a very basic template for deploying a stripped-down version of Kubernetes-operator.
This option does not include any configurations for ingress capabilities and requires the cert-manager to be installed.
</Note>
```shell
kubectl create namespace netbird
kubectl apply -n netbird -f https://raw.githubusercontent.com/netbirdio/kubernetes-operator/refs/heads/main/manifests/install.yaml
```
## Expose Kubernetes Control Plane to your NetBird Network
To access your Kubernetes control plane from a NetBird network, you can expose your Kubernetes control plane as a
[NetBird resource](/how-to/networks#resources) by enabling the following option in the operator values:
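Review bot: The context line `helm upgrade ... netbird-operator netbirdio/kubernetes-operator` at the top of this hunk still refers to the chart as `netbirdio/kubernetes-operator`, while the URL behind the `netbirdio` alias is changed earlier in this patch. Please confirm the chart is published under the name `kubernetes-operator` in the new repository, or update this command with it. Since the `#### Using install.yaml` section is dropped here, it is also worth checking for inbound links to that heading and saying how an existing `kubectl apply -f .../install.yaml` deployment should move to the Helm release.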
@@ -231,6 +218,38 @@ The operator will create a policy in your management account similar to the one
You can reference multiple policy bases using a comma separated list of policy bases: `netbird.io/policy: "app-users,app-admins"`
### Policy auto-creation
1. Ensure `ingress.allowAutomaticPolicyCreation` is set to true in the Helm chart and apply.
2. Annotate a service with `netbird.io/policy` with the name of the policy as a kubernetes object, for example `netbird.io/policy: default`. This will create an NBPolicy with the name `default-<Service Namespace>-<Service Name>`.
3. Annotate the same service with `netbird.io/policy-source-groups` with a comma-separated list of group names to allow as a source, for example `netbird.io/policy-source-groups: dev`.
4. (Optional) Annotate the service with `netbird.io/policy-name` for a human-friendly name, for example `netbird.io/policy-name: "default:Default policy for kubernetes cluster"`.
Example:
```yaml
apiVersion: v1
kind: Service
metadata:
name: app
annotations:
netbird.io/expose: "true"
netbird.io/groups: "app-access"
netbird.io/policy: "app-users"
netbird.io/policy-source-groups: "dev"
netbird.io/policy-name: "dev:Developers to app"
spec:
selector:
app: app
ports:
- protocol: TCP
port: 8080
targetPort: 80
type: ClusterIP
```
<Note>
If a policy already exists with the name specified in `netbird.io/policy`, the other settings will be ignored in favor of the existing policy.
</Note>
## Accessing Remote Services Using Sidecars
To access services running in different locations from your Kubernetes clusters, you can deploy NetBird sidecars—additional
containers that run alongside your Kubernetes service containers within the same pod.
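Review bot: Steps 1 to 3 of the new "Policy auto-creation" section do not state who is trusted to use it: once `ingress.allowAutomaticPolicyCreation` is true, the `netbird.io/policy` and `netbird.io/policy-source-groups` annotations on a Service are enough to create an access policy, so anyone with permission to edit Service annotations can define which groups reach that service. Suggest adding a sentence that the option delegates policy creation to Service editors and should be paired with Kubernetes RBAC that limits who can create or patch Services in the affected namespaces. Separately, the example is inconsistent with step 4: there the `netbird.io/policy-name` value is prefixed with the policy key (`default:` for `netbird.io/policy: default`), but the example uses `netbird.io/policy: "app-users"` with `netbird.io/policy-name: "dev:Developers to app"`. Please document what the part before the colon means and make the example match.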