[kwlug-disc] Paranoid network as selling point for kubernetes
Mikalai Birukou
mb at 3nsoft.com
Wed Sep 15 17:33:16 EDT 2021
If I read this
https://kubernetes.io/docs/concepts/services-networking/network-policies/
correctly,
the NetworkPolicy kind descriptor is the way to say what a pod (running
process?) is allowed to connect to, and how (in/out/port), all based on
human-readable labels.
It is way longer than the network description in Docker Swarm/Compose, but
the level of control is greater. From a paranoid point of view, I am sold on
Kubernetes. Make some auto-generation of these policies part of a CI
pipeline, and it flows by itself after that.
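
A sketch of the auto-generation step mentioned above, as an added example that is not part of the original post: a CI job turns a reviewed list of allowed flows into one label-selected NetworkPolicy per app, denying everything not listed. The `FLOWS` data, the `app` label key, the `demo` namespace and the policy names are assumptions made for illustration.

```python
import json

# Constructed sample: (source app, destination app, TCP port) flows that are allowed.
# Each app is assumed to run in pods labelled app=<name>.
FLOWS = [
    ("frontend", "api", 8080),
    ("api", "db", 5432),
]

def selector(app):
    """Label selector matching the pods of one app."""
    return {"matchLabels": {"app": app}}

def build_policies(flows, namespace="demo"):
    """Return one NetworkPolicy per app: deny by default, allow only listed flows."""
    apps = sorted({a for src, dst, _ in flows for a in (src, dst)})
    policies = []
    for app in apps:
        ingress = [
            {"from": [{"podSelector": selector(src)}],
             "ports": [{"protocol": "TCP", "port": port}]}
            for src, dst, port in flows if dst == app
        ]
        egress = [
            {"to": [{"podSelector": selector(dst)}],
             "ports": [{"protocol": "TCP", "port": port}]}
            for src, dst, port in flows if src == app
        ]
        policies.append({
            "apiVersion": "networking.k8s.io/v1",
            "kind": "NetworkPolicy",
            "metadata": {"name": f"{app}-allow-listed", "namespace": namespace},
            "spec": {
                "podSelector": selector(app),
                # Naming a direction here with an empty rule list denies all traffic that way.
                "policyTypes": ["Ingress", "Egress"],
                "ingress": ingress,
                "egress": egress,
            },
        })
    return policies

if __name__ == "__main__":
    # JSON is accepted by kubectl apply -f; a v1 List carries all policies in one file.
    manifest = {"apiVersion": "v1", "kind": "List", "items": build_policies(FLOWS)}
    print(json.dumps(manifest, indent=2))
```

Pods whose egress is restricted this way also lose DNS lookups until a flow to the cluster DNS service is listed, and the policies only take effect when the cluster's network plugin enforces NetworkPolicy.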