Network Policies

Amal Kuriakose
2 min read

Kubernetes Network Policies are a powerful mechanism for controlling network traffic within a cluster. They define rules that govern how pods can communicate with each other and with external services. By carefully configuring network policies, you can enforce isolation, security, and traffic management within your Kubernetes environment.

Components of a Network Policy:

  • PodSelector: Specifies the pods that the network policy applies to.

  • Ingress: Defines rules for incoming traffic to pods.

  • Egress: Defines rules for outgoing traffic from pods.

  • PolicyTypes: Specifies the type of policy, which can be "Ingress", "Egress", or both.

Network Policy Rules:

  • NamespaceSelector: Selects, by label, the namespaces whose pods are allowed as the source (ingress) or destination (egress) of the traffic.

  • PodSelector: Selects, by label, the pods allowed as the source or destination; used on its own it only matches pods in the policy's own namespace.

  • Protocol: Specifies the network protocol (e.g., TCP, UDP).

  • Port: Specifies the port number.

  • IPBlock: Specifies a range of IP addresses.

  • From: Specifies the source of the traffic.

  • To: Specifies the destination of the traffic.

An example NetworkPolicy might look like this:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - ipBlock:
        cidr: 172.17.0.0/16
        except:
        - 172.17.1.0/24
    - namespaceSelector:
        matchLabels:
          project: myproject
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 6379
  egress:
  - to:
    - ipBlock:
        cidr: 10.0.0.0/24
    ports:
    - protocol: TCP
      port: 5978
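To see what the policy above actually permits, here is a small evaluator I've added (not code from the original post or from Kubernetes itself): it holds the same policy as a Python dict and answers whether a given ingress or egress flow is allowed, honouring the `except` block, the lone podSelector scoping to the policy's own namespace, and the default policyTypes. The endpoint dict shape (ip, namespace, ns_labels, pod_labels) is an assumption of this example.

```python
import ipaddress
# Constructed: the article's test-network-policy as the dict yaml.safe_load would
# return, so the evaluator runs without PyYAML or a cluster at hand.
POLICY = {
    "metadata": {"namespace": "default"},
    "spec": {
        "podSelector": {"matchLabels": {"role": "db"}},
        "policyTypes": ["Ingress", "Egress"],
        "ingress": [{"from": [
            {"ipBlock": {"cidr": "172.17.0.0/16", "except": ["172.17.1.0/24"]}},
            {"namespaceSelector": {"matchLabels": {"project": "myproject"}}},
            {"podSelector": {"matchLabels": {"role": "frontend"}}}],
            "ports": [{"protocol": "TCP", "port": 6379}]}],
        "egress": [{"to": [{"ipBlock": {"cidr": "10.0.0.0/24"}}],
                    "ports": [{"protocol": "TCP", "port": 5978}]}],
    },
}
def labels_match(selector, labels):
    # matchLabels: every key must be present with that value; {} matches everything.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())
def peer_matches(peer, policy_ns, ep):
    # ep is the other end: always has "ip"; a pod also has "namespace", "ns_labels", "pod_labels".
    if "ipBlock" in peer:
        ip, blk = ipaddress.ip_address(ep["ip"]), peer["ipBlock"]
        return ip in ipaddress.ip_network(blk["cidr"]) and not any(
            ip in ipaddress.ip_network(x) for x in blk.get("except", []))
    if "namespace" not in ep:
        return False  # an external IP never matches a pod/namespace selector
    # namespaceSelector and podSelector in ONE entry are ANDed; a lone podSelector means the policy's own namespace.
    ns_ok = (labels_match(peer["namespaceSelector"], ep.get("ns_labels", {})) if "namespaceSelector" in peer
             else ep["namespace"] == policy_ns)
    return ns_ok and ("podSelector" not in peer or labels_match(peer["podSelector"], ep.get("pod_labels", {})))
def port_matches(ports, protocol, port):
    # No ports list means every port and protocol; protocol defaults to TCP.
    return not ports or any(p.get("protocol", "TCP") == protocol and p.get("port", port) == port for p in ports)
def allowed(policy, direction, ep, protocol, port):
    """Verdict of THIS policy alone ('Ingress' or 'Egress'); a pod's real verdict is the union over all policies selecting it."""
    spec = policy["spec"]
    types = spec.get("policyTypes", ["Ingress"] + (["Egress"] if "egress" in spec else []))
    if direction not in types:
        return True  # k8s default policyTypes: Ingress always, Egress only when egress rules exist
    key = "from" if direction == "Ingress" else "to"
    for rule in spec.get(direction.lower(), []):
        peers = rule.get(key, [])  # entries of one list are ORed; the list is ANDed with ports
        if (not peers or any(peer_matches(p, policy["metadata"]["namespace"], ep) for p in peers)) \
                and port_matches(rule.get("ports"), protocol, port):
            return True
    return False
```

A policy that lists `Egress` in policyTypes but has no `egress` rules denies all outbound traffic from the selected pods, which this evaluator reproduces; that is the usual way to build a default-deny posture.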