Kubernetes: Network Policy

A NetworkPolicy is a Kubernetes resource that lets a cluster administrator isolate pods and control how they communicate within the cluster; it acts like a firewall for workloads. A NetworkPolicy is scoped to a namespace. It uses labels to select pods and to define rules, and pods selected by a network policy become isolated, meaning only traffic that some policy allows is accepted. Below are examples of network policies. Network policy is currently supported by several CNI providers such as Weave, Calico and Contiv, among others; the cluster administrator decides which CNI to use.

Allow-all network policy (an empty podSelector selects every pod in the namespace, and the empty ingress rule admits every source):

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all
spec:
  podSelector: {}
  ingress:
  - {}

Deny all incoming traffic to pods with the label app: frontend (the pods are selected, so they are isolated, and the empty ingress list allows nothing):

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: deny-all
spec:
  podSelector:
    matchLabels:
      app: frontend
  ingress: []

The network policy below selects the pods labelled app: bookstore and role: db and allows them to receive traffic from, and send traffic to, only the listed peer pods.

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-only-selected
spec:
  podSelector:
    matchLabels:
      app: bookstore
      role: db
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: bookstore
          role: search
    - podSelector:
        matchLabels:
          app: bookstore
          role: api
    - podSelector:
        matchLabels:
          app: inventory
          role: web
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: bookstore
          role: search
    - podSelector:
        matchLabels:
          app: bookstore
          role: api
    - podSelector:
        matchLabels:
          app: inventory
          role: web
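To make the selection and isolation semantics above concrete, here is a small Python model (an added example, not code from the original post or from Kubernetes itself) that decides whether pod-to-pod traffic is allowed under a set of policies, with the three policies above encoded as dicts. It assumes a single namespace, pods identified only by their labels, and peers expressed with podSelector only (no namespaceSelector, ipBlock or ports).

```python
def _match(selector, labels):
    # A podSelector matches when every matchLabels entry is present; {} matches all pods.
    want = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in want.items())

def _peer_ok(rule, key, other):
    # A rule with an empty or missing from/to admits any peer; otherwise some
    # podSelector must match. Assumption: peers carry only podSelector.
    peers = rule.get(key)
    return not peers or any(
        "podSelector" in p and _match(p["podSelector"], other) for p in peers)

def _direction_ok(policies, direction, pod, other):
    # A pod is isolated for a direction once any policy of that type selects it;
    # from then on only traffic matching a rule of some selecting policy is allowed.
    rules_key, peer_key = ("ingress", "from") if direction == "Ingress" else ("egress", "to")
    isolated = allowed = False
    for pol in policies:
        spec = pol["spec"]
        # Default policyTypes: Ingress always, Egress only when egress rules are present.
        types = spec.get("policyTypes") or ["Ingress"] + (["Egress"] if "egress" in spec else [])
        if direction not in types or not _match(spec.get("podSelector"), pod):
            continue
        isolated = True
        allowed = allowed or any(_peer_ok(r, peer_key, other) for r in spec.get(rules_key) or [])
    return allowed if isolated else True

def allowed(policies, src, dst):
    """True if traffic src -> dst (pods given as label dicts, same namespace) passes
    both the source's egress policies and the destination's ingress policies."""
    return (_direction_ok(policies, "Egress", src, dst)
            and _direction_ok(policies, "Ingress", dst, src))

def sel(**labels):
    return {"podSelector": {"matchLabels": labels}}

# The three policies from the post, as dicts mirroring their spec sections.
ALLOW_ALL = {"spec": {"podSelector": {}, "ingress": [{}]}}
DENY_FRONTEND = {"spec": {**sel(app="frontend"), "ingress": []}}
PEERS = [sel(app="bookstore", role="search"), sel(app="bookstore", role="api"),
         sel(app="inventory", role="web")]
ALLOW_ONLY_SELECTED = {"spec": {**sel(app="bookstore", role="db"),
                                "ingress": [{"from": PEERS}], "egress": [{"to": PEERS}]}}
```

Evaluating allowed() with and without ALLOW_ALL in the policy list shows that policies are additive: an allow-all policy in the same namespace re-opens the ingress that deny-all was meant to close, while the egress restriction on the db pods still holds.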
