Within a Kubernetes cluster, there might be cases where we want to restrict communications to or from certain applications running inside pods.
To achieve that, we can use network policies, which are Kubernetes resources like pods, deployments, and so on.
Below is a diagram that gives us an overview of network policies:
Below is a YAML file representing a network policy:
The network policy "network_policy_1" applies to the pods labeled "run: nginx" in the default namespace, as we can see in the above YAML file.
For both the Ingress and Egress policies, communication is allowed if at least one of the rules matches the pods communicating with the "run: nginx" pods.
We can also use "ipBlock" to filter external traffic (coming from outside the Kubernetes cluster), while namespaces are used mainly to filter internal traffic (within the Kubernetes cluster).
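A manifest matching the description above, written here as an added example and not the page's original file. The CIDR ranges, the "team", "role" and "monitoring" labels and the ports are constructed values, and the name uses hyphens because Kubernetes object names cannot contain underscores.

```yaml
# Added example: labels, CIDRs and ports below are constructed for illustration.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  # Object names must be DNS-compatible, so the page's "network_policy_1"
  # is written with hyphens here.
  name: network-policy-1
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: nginx               # pods the policy applies to
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:                    # entries in this list are OR-ed
        - ipBlock:             # external clients (constructed CIDR)
            cidr: 203.0.113.0/24
        - namespaceSelector:   # any pod in namespaces labelled team=frontend
            matchLabels:
              team: frontend
        - namespaceSelector:   # both selectors in ONE entry are AND-ed:
            matchLabels:       # only role=monitor pods in the monitoring namespace
              kubernetes.io/metadata.name: monitoring
          podSelector:
            matchLabels:
              role: monitor
      ports:
        - protocol: TCP
          port: 80
  egress:
    - to:
        - ipBlock:             # external destination (constructed CIDR)
            cidr: 198.51.100.0/24
      ports:
        - protocol: TCP
          port: 443
    - to:                      # DNS lookups, blocked otherwise once Egress is restricted
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

The policy is only enforced when the cluster's network plugin implements NetworkPolicy; on a plugin that does not, the object is accepted but has no effect.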