Defining a Network Policy
To specify which pods are covered by the policy, you can use a variety of selectors, including namespace selectors, CIDR blocks, and pod selectors. You can use these criteria to make the policy only target particular pods, namespaces, or network regions.
Basic network isolation is provided via the Kubernetes plugin, which is a default feature of Kubernetes and appropriate for basic use cases. More sophisticated network plugins, however, may offer further capabilities like network policies, which let you create and implement network security guidelines.
It is crucial to remember that network policies are additive, which means that they are applied to a group of pods in combination rather than one after the other. This means that the final set of rules for a set of pods is formed by combining the policies that apply to the same set of kubernetes pods. The policies won’t be enforced if they contradict how they apply to linked pods. For instance, two services cannot connect to one another if their communication policies clash.
kubernetes Network Policlies
Everyone agrees that Kubernetes clusters are insecure by default. But the good news is that Kubernetes provides the tools to make that happen. In this article, we’re going to learn about one of the resources that K8s provides straight out of the box to help make your deployed apps more secure: Network policies.
A Kubernetes network policy specifies how pods can communicate with one another and other network endpoints in a Kubernetes cluster. Network policies provide fine-grained control over network traffic, allowing you to partition your network and secure your applications. They allow you to set incoming and outgoing traffic rules for pods and are implemented in the Kubernetes cluster using a CNI plugin like Calico or Weave Net.