Network Policies
Network Policies control the traffic flow between pods and network endpoints in a Kubernetes cluster. They define rules based on pod labels and namespaces to allow or deny traffic.
Key Concepts:
- Ingress: Controls incoming traffic to pods
- Egress: Controls outgoing traffic from pods
- PodSelector: Targets specific pods based on labels
Example: Deny All Ingress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
Example: Allow Ingress from Specific Pod
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: backend
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
Network policies require a network plugin that supports them, such as Calico or Cilium. On a cluster whose plugin does not enforce them, NetworkPolicy objects are accepted by the API server but have no effect, so verify enforcement rather than assuming it from the presence of the object.
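To make the semantics of the two policies above concrete, here is an added example (not from the original page) that evaluates Kubernetes ingress rules over constructed pod and policy records: an empty podSelector selects every pod in the namespace, a selected pod becomes isolated for ingress, and policies are additive, so deny-all plus allow-frontend lets only frontend reach backend. The policy dicts mirror the page's YAML; pod records, label values and the namespace "staging" are constructed; ports, ipBlock and egress are deliberately not modelled.

```python
def selector_matches(selector, labels):
    """Empty selector ({}) matches everything; every matchLabels pair must be present."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def peer_matches(peer, src, policy_ns):
    """One 'from' entry. podSelector alone is scoped to the policy's own namespace;
    namespaceSelector widens the scope; when both are given, both must match."""
    ns_sel = peer.get("namespaceSelector")
    if ns_sel is None:
        if src["namespace"] != policy_ns:
            return False
    elif not selector_matches(ns_sel, src["ns_labels"]):
        return False
    pod_sel = peer.get("podSelector")
    return pod_sel is None or selector_matches(pod_sel, src["labels"])


def ingress_allowed(policies, src, dst):
    """True if traffic from pod src to pod dst is permitted by the given policies."""
    # Only policies in dst's namespace whose podSelector matches dst apply to it.
    selecting = [p for p in policies
                 if p["metadata"]["namespace"] == dst["namespace"]
                 and selector_matches(p["spec"].get("podSelector"), dst["labels"])]
    # policyTypes defaults to include Ingress; such policies make dst isolated.
    isolating = [p for p in selecting if "Ingress" in p["spec"].get("policyTypes", ["Ingress"])]
    if not isolating:
        return True  # no policy selects dst: default allow
    for p in isolating:
        for rule in p["spec"].get("ingress", []):
            froms = rule.get("from", [])  # empty 'from' admits every source
            if not froms or any(peer_matches(f, src, p["metadata"]["namespace"]) for f in froms):
                return True
    return False  # isolated and no rule admits src


# Constructed records mirroring the page's deny-all and allow-frontend policies.
DENY_ALL = {"metadata": {"namespace": "default"},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}
ALLOW_FRONTEND = {"metadata": {"namespace": "default"},
                  "spec": {"podSelector": {"matchLabels": {"app": "backend"}},
                           "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}]}]}}
BACKEND = {"namespace": "default", "labels": {"app": "backend"}, "ns_labels": {}}
FRONTEND = {"namespace": "default", "labels": {"app": "frontend"}, "ns_labels": {}}
OTHER = {"namespace": "default", "labels": {"app": "other"}, "ns_labels": {}}
STAGING_FRONTEND = {"namespace": "staging", "labels": {"app": "frontend"}, "ns_labels": {}}


def demo():
    """(no policy, deny-all only, both: frontend, both: other pod, both: frontend in staging)"""
    both = [DENY_ALL, ALLOW_FRONTEND]
    return (ingress_allowed([], OTHER, BACKEND), ingress_allowed([DENY_ALL], FRONTEND, BACKEND),
            ingress_allowed(both, FRONTEND, BACKEND), ingress_allowed(both, OTHER, BACKEND),
            ingress_allowed(both, STAGING_FRONTEND, BACKEND))
```

The last case shows the namespace scoping caveat: a podSelector-only peer never admits a pod from another namespace, even with matching labels.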