NetworkPolicy
Definition
A NetworkPolicy is a namespaced Kubernetes resource that controls layer 3/4 traffic to and from a set of pods selected by label. Its rules are an allow-list only: the API has no deny rules. A pod selected by at least one NetworkPolicy becomes isolated for the directions listed in policyTypes (Ingress, Egress or both), and from then on only traffic matched by some policy that selects it is permitted; a pod selected by no policy stays non-isolated and can talk to anything. The policies that select a pod are combined as a union, so one overly permissive policy silently reopens paths that other policies were written to close. Peers can be named by pod labels, namespace labels or IP blocks, and traffic can be restricted by protocol and port, which is what makes NetworkPolicy a practical building block for a least-privilege, zero-trust network inside a cluster. Two caveats matter in practice. First, the objects are only enforced by a CNI plugin that implements NetworkPolicy (Calico and Cilium are common examples); with a plugin that does not, the API server accepts the objects and they have no effect, so verify enforcement by actually testing a connection that should be blocked. Second, the rules act on pods, namespaces, IP blocks and ports, not on application-layer identity, so they complement rather than replace authentication between services.
Secure Settings Example
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-specific-traffic
  namespace: my-namespace
spec:
  # Applies to pods labelled role=frontend in my-namespace; they become
  # isolated in both directions listed under policyTypes.
  podSelector:
    matchLabels:
      role: frontend
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Only role=backend pods in this same namespace may connect, and only to TCP/80.
  - from:
    - podSelector:
        matchLabels:
          role: backend
    ports:
    - protocol: TCP
      port: 80
  egress:
  # Outbound connections are permitted only to role=database pods in this
  # same namespace on TCP/5432; everything else outbound is dropped.
  - to:
    - podSelector:
        matchLabels:
          role: database
    ports:
    - protocol: TCP
      port: 5432
A podSelector inside from or to that has no accompanying namespaceSelector matches pods in the policy's own namespace only, so a role=backend pod in another namespace is still blocked. Note that this egress section also blocks DNS: the frontend pod can no longer resolve the database service name unless another policy, or an additional egress rule to the cluster DNS pods on UDP and TCP port 53, allows it. Forgetting that rule is the most common way a restrictive egress policy breaks an application, so test name resolution from an affected pod after applying one.
Insecure Settings Example
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all
  namespace: my-namespace
spec:
  podSelector: {}   # selects every pod in my-namespace
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - {}              # a rule with no from and no ports allows all incoming traffic
  egress:
  - {}              # a rule with no to and no ports allows all outgoing traffic
Because policies are additive, these two rules make every restriction imposed by other policies in my-namespace (including allow-specific-traffic above) moot: every pod in the namespace can reach and be reached by anything. The object is also easy to confuse with the default-deny baseline a namespace should start from, which has the same podSelector and policyTypes but omits the ingress and egress sections entirely (or sets them to empty lists), leaving the selected pods isolated with nothing allowed. The difference between a single "- {}" entry (one rule that matches everything) and an absent or empty list (no rules, so nothing is allowed) is the entire security posture of the namespace, so review for it explicitly. A quieter variant to watch for: a policy that omits policyTypes and contains no egress rules is defaulted to Ingress only, so it never isolates egress at all, however restrictive its ingress section looks.
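The following is an added audit script illustrating the semantics described in the definition and the difference between the two examples; it is not part of the page and not Kubernetes' own tooling. It assumes its input is the JSON printed by kubectl get networkpolicy -A -o json and embeds a constructed sample of that shape containing the page's two policies plus an invented default-deny policy in an invented namespace named prod.

```python
"""Audit NetworkPolicy objects for the traps discussed on this page.

Added example, not the page's or Kubernetes' own code. It takes the JSON that
`kubectl get networkpolicy -A -o json` prints and applies NetworkPolicy
semantics: allow-list only, policies are additive, policyTypes defaulting,
`- {}` rules that match everything, and egress policies that forget DNS.
"""
import json

# Constructed sample in the shape of `kubectl get networkpolicy -A -o json`:
# the page's two examples plus a default-deny baseline in namespace "prod".
SAMPLE_KUBECTL_OUTPUT = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "allow-specific-traffic", "namespace": "my-namespace"},
     "spec": {"podSelector": {"matchLabels": {"role": "frontend"}},
              "policyTypes": ["Ingress", "Egress"],
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"role": "backend"}}}],
                           "ports": [{"protocol": "TCP", "port": 80}]}],
              "egress": [{"to": [{"podSelector": {"matchLabels": {"role": "database"}}}],
                          "ports": [{"protocol": "TCP", "port": 5432}]}]}},
    {"metadata": {"name": "allow-all", "namespace": "my-namespace"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"],
              "ingress": [{}], "egress": [{}]}},
    {"metadata": {"name": "default-deny", "namespace": "prod"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
]})


def effective_policy_types(spec):
    """API defaulting: without policyTypes, Ingress is always in force and
    Egress only when the spec has at least one egress rule."""
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    return {"Ingress", "Egress"} if spec.get("egress") else {"Ingress"}


def peer_matches_everything(peer):
    """A from/to entry that matches any source or destination at all."""
    block = peer.get("ipBlock")
    if block is not None:
        return block.get("cidr") in ("0.0.0.0/0", "::/0") and not block.get("except")
    # namespaceSelector: {} with no podSelector = every pod in every namespace
    return peer.get("namespaceSelector") == {} and "podSelector" not in peer


def rule_scope(rule, peer_key):
    """'all' (any peer, any port, e.g. the bare `- {}` rule), 'all-peers'
    (any peer but only the listed ports) or 'scoped'. A missing or empty
    from/to list means any peer; a missing or empty ports list means any port."""
    peers = rule.get(peer_key) or []
    any_peer = not peers or any(peer_matches_everything(p) for p in peers)
    if not any_peer:
        return "scoped"
    return "all" if not rule.get("ports") else "all-peers"


def allows_dns(rules):
    """True if some rule permits port 53 (a rule with no ports counts)."""
    return any(not r.get("ports") or any(str(p.get("port")) == "53" for p in r["ports"])
               for r in rules)


def audit_policy(policy):
    """Classify one policy: which directions it denies outright or fully opens."""
    spec = policy["spec"]
    result = {"selects_all": not spec.get("podSelector"), "denies": set(),
              "opens": set(), "notes": []}
    for ptype, key, peer_key in (("Ingress", "ingress", "from"), ("Egress", "egress", "to")):
        if ptype not in effective_policy_types(spec):
            continue  # this direction is not isolated by the policy at all
        rules = spec.get(key) or []
        if not rules:
            result["denies"].add(ptype)  # isolated with nothing allowed
            continue
        for rule in rules:
            scope = rule_scope(rule, peer_key)
            if scope == "all":
                result["opens"].add(ptype)
            elif scope == "all-peers":
                ports = ",".join(f"{p.get('protocol', 'TCP')}/{p.get('port', '*')}" for p in rule["ports"])
                result["notes"].append(f"{ptype}: any peer may use {ports}")
        if ptype == "Egress" and not allows_dns(rules):
            result["notes"].append("Egress restricted without a port 53 rule; "
                                   "DNS fails unless another policy allows it")
    return result


def audit_namespaces(kubectl_json):
    """Per namespace: is there a default-deny baseline, and which policies
    reopen everything? Policies are additive, so one allow-all wins."""
    report = {}
    for policy in json.loads(kubectl_json)["items"]:
        ns, name = policy["metadata"]["namespace"], policy["metadata"]["name"]
        r = audit_policy(policy)
        entry = report.setdefault(ns, {"default_deny": False, "allow_all": [], "notes": {}})
        if r["selects_all"] and r["denies"] >= {"Ingress", "Egress"}:
            entry["default_deny"] = True
        if r["opens"]:
            entry["allow_all"].append(name)
        if r["notes"]:
            entry["notes"][name] = r["notes"]
    return report


if __name__ == "__main__":
    for ns, entry in audit_namespaces(SAMPLE_KUBECTL_OUTPUT).items():
        print(f"{ns}: default-deny={'yes' if entry['default_deny'] else 'NO'}, "
              f"allow-all policies={entry['allow_all'] or 'none'}")
        for name, notes in entry["notes"].items():
            for note in notes:
                print(f"  {name}: {note}")
```

On the sample, my-namespace is reported with no default-deny baseline and allow-all listed as reopening everything, allow-specific-traffic is flagged for blocking DNS, and prod has a baseline and nothing open. To run it against a live cluster, replace the sample with the output of kubectl get networkpolicy -A -o json; remember that a clean report still says nothing about whether the CNI plugin enforces the policies.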