What Are Kubernetes Network Policies?

  • Kubernetes network policies are a way to control the traffic between pods in a Kubernetes cluster. A network policy grants access permissions to groups of pods, a small execution unit in Kubernetes. Network policies are supported through the NetworkPolicy object, which is a Kubernetes resource.
  • They can be used to restrict access to pods, allow only certain types of traffic, or even create isolated networks within a cluster.

How To Use Kubernetes Network Policies?

Kubernetes is container-centric management software used for the deployment and operation of containerized applications. It was originally developed by Google. It improves reliability and reduces the time, workload, and developer resources devoted to daily operations. It also allows you to scale your application up and down.

Why Use Kubernetes Network Policies?

Kubernetes network policies can be used to improve the security of your cluster by restricting access to pods. They can also be used to improve the performance of your cluster by isolating traffic between pods. And they can be used to improve the reliability of your cluster by creating isolated networks that can be rolled back or restarted independently. If you want to control traffic at the IP address or port level, network policies provide a way to do so. They let you define specific rules for traffic within the cluster, at the port level, and between pods and the outside world. Requests are taken as input by the network plugin and authorized by the system according to the network policy....

How do Kubernetes Network Policies Work?

Initially, in a Kubernetes cluster, all pods are considered non-isolated and are free to connect with any other pod. Now consider a policy named policy1 applied to pod A. Pod A is the target pod because the policy is applied to it. The policy's rules allow pod A to talk to pod B. Target pod A can talk to pod B, and to pod B only, because B is the only pod you allowed in the policy. Due to the nature of the policy rules, you can call the rule a whitelist. For target pod A only, any connections that are not explicitly allowed by the whitelist of policy1 will be rejected. You don’t need to define this explicitly in policy1, because it is enforced by the nature of Kubernetes network policy. Let’s call this implicit policy the deny-all policy. Other, non-targeted pods, for example pod B or pod C, to which neither policy1 nor any other network policy is applied, continue to follow the allow-any-any model. They are therefore not affected and can continue to communicate with all other pods in the cluster. This is another implicit policy, an allow-all policy....
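
The target-pod, deny-all and allow-all behaviour described above, as an added Python example that is not from the original article: a minimal model of how policies are evaluated, covering pod selectors in a single namespace only. The pod names, the labels, and the choice to apply policy1 to both ingress and egress are assumptions made for illustration.

```python
# Added example: a minimal model of NetworkPolicy evaluation (pod selectors only).
# Pod names and labels are constructed for illustration.
PODS = {"pod-a": {"app": "a"}, "pod-b": {"app": "b"}, "pod-c": {"app": "c"}}

# policy1 in the shape of a NetworkPolicy spec: targets pod A, whitelists pod B.
# Assumption: the policy covers both directions (Ingress and Egress).
POLICY1 = {
    "podSelector": {"matchLabels": {"app": "a"}},
    "policyTypes": ["Ingress", "Egress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "b"}}}]}],
    "egress": [{"to": [{"podSelector": {"matchLabels": {"app": "b"}}}]}],
}


def matches(selector, labels):
    """True if every matchLabels pair is present; an empty selector matches all pods."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def direction_allowed(pod, peer, direction, policies):
    """Check one side of a connection: 'Egress' for the sender, 'Ingress' for the receiver."""
    rules_key, peers_key = ("egress", "to") if direction == "Egress" else ("ingress", "from")
    selecting = [p for p in policies
                 if direction in p["policyTypes"] and matches(p["podSelector"], PODS[pod])]
    if not selecting:
        return True  # no policy targets this pod: implicit allow-all
    for policy in selecting:
        for rule in policy.get(rules_key, []):
            peers = rule.get(peers_key)
            # A rule without a peer list allows every peer in that direction.
            if not peers or any(matches(s["podSelector"], PODS[peer]) for s in peers):
                return True
    return False  # targeted pod, peer not whitelisted: implicit deny-all


def can_connect(src, dst, policies):
    """A connection needs the sender's egress and the receiver's ingress to both allow it."""
    return (direction_allowed(src, dst, "Egress", policies)
            and direction_allowed(dst, src, "Ingress", policies))


if __name__ == "__main__":
    for src in PODS:
        for dst in PODS:
            if src != dst:
                verdict = "allow" if can_connect(src, dst, [POLICY1]) else "deny"
                print(f"{src} -> {dst}: {verdict}")
```
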

How To Create Kubernetes Network Policies?

To use network policies in Kubernetes, you must use a networking solution that supports them, because network policies are implemented by the network plugin. Kubernetes network policies are created using the kubectl command-line tool....

Post Kubernetes Network Policies Creation

After successfully creating policy1, let’s examine access to the HTTP server in the webserver-dev pod from pod client-1 dev, client jtac, and node cent 222...

Examples of Kubernetes network policies

Here are some examples of Kubernetes network policies:...

Conclusion

Initially, in a Kubernetes cluster, all pods are non-isolated by default and they work in an allow-any-any model so any pod can talk to any other pod. Now apply a network policy named policy1 to pod A. In policy policy1 you define a rule to explicitly allow pod A to talk to pod B. In this case let’s call pod A a target pod because it is the pod that the network policy will act on....