Kubernetes 101 : Securing the communication between the pods - Network Policies -



Within a Kubernetes cluster, there might be cases where we want to restrict communications to or from certain applications running inside pods.

To achieve that, we can use network policies, which are Kubernetes resources like pods, deployments, ...

Below is a diagram that gives us an overview of network policies:


Below is a YAML file representing a network policy:


The network policy "network_policy_1" applies to the pods labeled "run: nginx" in the default namespace, as we can see in the above YAML file.

For the Ingress and Egress policies, if one of the rules applies to the pods communicating with the "run: nginx" pods, the communication is allowed.

Remark:

We could also use "ipBlock" to filter external traffic (coming from outside of the Kubernetes cluster), while the namespaces are used mainly to filter internal traffic (within the Kubernetes cluster).
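
As an added example (not the manifest from the original page), a policy of the kind described above could look like the following. The name is written with hyphens because Kubernetes object names cannot contain underscores; every label other than "run: nginx", the CIDR and the ports are assumptions made for illustration.

```yaml
# Added example: names, labels, CIDR and ports are assumptions, not values from the original page.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: network-policy-1            # hyphens, since underscores are rejected in object names
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: nginx                    # the pods this policy applies to
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:                         # separate list entries are OR'ed: one match is enough
        - podSelector:              # pods in the policy's own namespace (default)
            matchLabels:
              role: frontend        # hypothetical label
        - namespaceSelector:        # any pod in a namespace carrying this label
            matchLabels:
              team: monitoring      # hypothetical label
        - ipBlock:                  # traffic coming from outside the cluster
            cidr: 203.0.113.0/24    # documentation range, constructed value
      ports:                        # applies to every "from" entry of this rule
        - protocol: TCP
          port: 80
  egress:
    - to:
        - namespaceSelector:        # both selectors in ONE entry are AND'ed
            matchLabels:
              team: data            # hypothetical label
          podSelector:
            matchLabels:
              app: db               # hypothetical label
      ports:
        - protocol: TCP
          port: 5432
    - to:                           # DNS: without this, restricted Egress breaks name resolution
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns     # assumed label of the cluster DNS pods
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

A NetworkPolicy is only enforced when the cluster's network plugin supports it; on a plugin without that support the object is accepted but has no effect.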

