Cloud Computing, DevOps, Kubernetes

2 Mins Read

Empowering Security and Control with Kubernetes Network Policies

Voiced by Amazon Polly

Introduction

Network Policies is a Kubernetes resource that controls the traffic between pods. Network policy lets you secure access to and from their applications. The primary goal of network policies is to enhance the security and segmentation of your Kubernetes cluster. By default, pods in a Kubernetes cluster can communicate with each other freely, regardless of their location or purpose. However, you may want to restrict this communication to specific pods or namespaces in many scenarios.

Pioneers in Cloud Consulting & Migration Services

  • Reduced infrastructural costs
  • Accelerated application deployment
Get Started

What is Network Policy?

Network policy is Kubernetes resource which controls traffic between pods. They allow you to define rules that determine which pods can communicate with each other and what types of communication are permitted. To route the traffic, it uses labels to select the pod and direct the traffic toward those pods.

Network policies provide a fine-grained level of control over pod-to-pod communication, enhancing security and isolation within the cluster.

Network policies are applied to CNI plugins, and there are some popular CNI plugins like Calico, weavenet.

network

Image Source:  k21academy

How does Network Policy Work?

There can be numerous situations when you permit or deny traffic from any specific or different sources.

       Rules:

  • Traffic is allowed if no policy is applied.
  • Communication is denied if the policy is applied.
  • Traffic is allowed if there is one policy that allows it.

Network Policy Specification

  • PodSelector: This selects the particular pod in the specified namespace for ingress or egress of traffic.
  • Policy Types: This includes ingress or egress arguments that need to mention.
  • Ingress: This includes the inbound traffic.
  • Egress: This includes the outbound traffic.

Default Network Policies

  1. Deny all ingress Traffic: This will deny all incoming traffic.

2. Allow all ingress Traffic: This will all incoming traffic. 

  1. Deny all Egress Traffic: This will deny all outbound traffic.

4. Allow all Egress Traffic: This will all outbound traffic. 

Custom Network policies

We have three namespaces named ns1, ns2, ns3, and pods under each namespace. We want only pods under ns1 to allow traffic only from pods under ns3 on port 80. 

Conclusion

Kubernetes network policies offer a powerful means to enforce network-level security & control within a Kubernetes cluster. By defining and applying these policies, you can enhance the isolation of your applications, restrict communication to specific pods, and mitigate potential security risks within the cluster.

Making IT Networks Enterprise-ready – Cloud Management Services

  • Accelerated cloud migration
  • End-to-end view of the cloud environment
Get Started

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 850k+ professionals in 600+ cloud certifications and completed 500+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training PartnerAWS Migration PartnerAWS Data and Analytics PartnerAWS DevOps Competency PartnerAWS GenAI Competency PartnerAmazon QuickSight Service Delivery PartnerAmazon EKS Service Delivery Partner AWS Microsoft Workload PartnersAmazon EC2 Service Delivery PartnerAmazon ECS Service Delivery PartnerAWS Glue Service Delivery PartnerAmazon Redshift Service Delivery PartnerAWS Control Tower Service Delivery PartnerAWS WAF Service Delivery PartnerAmazon CloudFront Service Delivery PartnerAmazon OpenSearch Service Delivery PartnerAWS DMS Service Delivery PartnerAWS Systems Manager Service Delivery PartnerAmazon RDS Service Delivery PartnerAWS CloudFormation Service Delivery PartnerAWS ConfigAmazon EMR and many more.

FAQs

1. How is network policy enforced?

ANS: – Network policies are enforced by the Network CNI plugin. CNI is installed in Kubernetes clusters like Calico or weavenet.

2. What is the purpose of network policy?

ANS: – Policy determine which Pods and Services can access one another inside your cluster. Defining network policy helps you enable things like defense in depth when your cluster is serving a multi-level application.

3. Are network policies namespace-specific in Kubernetes?

ANS: – Network policies in Kubernetes are namespace-specific by default. When you create a network policy, it is associated with a specific namespace. The policy only affects the pods within that namespace. This allows you to define different network policies for different namespaces, providing isolation and granular control over network traffic between pods in different namespaces.

WRITTEN BY Shubh Dadhich

Share

Comments

    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!