Kubernetes Network Policies are crucial for securing your cluster networking. By default, pods are non-isolated; they accept traffic from any source. In this guide, we will explore how to restrict traffic effectively.

Understanding the Basics

A NetworkPolicy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - ipBlock:
        cidr: 172.17.0.0/16
        except:
        - 172.17.1.0/24
    - namespaceSelector:
        matchLabels:
          project: myproject
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 6379

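The example above selects pods labeled role: db in the default namespace and allows ingress to them only on TCP port 6379, and only from three kinds of source: addresses in 172.17.0.0/16 except 172.17.1.0/24, pods in namespaces labeled project: myproject, and pods labeled role: frontend in the policy's own namespace. The entries under from are alternatives, so traffic matching any one of them is allowed.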

Best Practices

Always start with a default deny policy for your namespaces. This ensures that you explicitly allow traffic only where necessary.

Author: Sarah L., Editor in Chief