Security Groups for Pods
Definition
Security Groups for Pods refer to the network security configurations applied to Kubernetes pods to control inbound and outbound traffic. These configurations are typically implemented using network policies that define rules for traffic flow between pods, namespaces, and external networks. The primary goal is to ensure that only authorized traffic is allowed, thereby reducing the attack surface and enhancing the security posture of the Kubernetes environment.
Secure Settings Example
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-specific-traffic
  namespace: my-namespace
spec:
  podSelector:
    matchLabels:
      role: backend
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend
      ports:
        - protocol: TCP
          port: 80
  egress:
    - to:
        - podSelector:
            matchLabels:
              role: database
      ports:
        - protocol: TCP
          port: 5432
Insecure Settings Example
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-traffic
  namespace: my-namespace
spec:
  podSelector: {}   # selects every pod in the namespace
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - {}   # empty rule: allows all incoming traffic from any source on any port
  egress:
    - {}   # empty rule: allows all outgoing traffic to any destination on any port
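The difference between the two manifests can be checked mechanically before a policy is applied. The following Python audit is an added example, not code from the original page; it embeds the two policies above as constructed dicts (the shape `kubectl get networkpolicy -o json` returns) and flags any rule that matches every peer or every port.

```python
# Added example, not from the original page: an offline audit that flags
# NetworkPolicy rules which permit traffic from/to any peer or on any port.
# Policies are plain dicts, so no cluster access or YAML library is needed.

# Constructed samples mirroring the two manifests on this page.
SECURE_POLICY = {
    "metadata": {"name": "allow-specific-traffic"},
    "spec": {
        "podSelector": {"matchLabels": {"role": "backend"}},
        "policyTypes": ["Ingress", "Egress"],
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"role": "frontend"}}}],
                     "ports": [{"protocol": "TCP", "port": 80}]}],
        "egress": [{"to": [{"podSelector": {"matchLabels": {"role": "database"}}}],
                    "ports": [{"protocol": "TCP", "port": 5432}]}],
    },
}
INSECURE_POLICY = {
    "metadata": {"name": "allow-all-traffic"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"],
             "ingress": [{}], "egress": [{}]},
}


def audit_policy(policy: dict) -> list:
    """Return findings for one policy; an empty list means nothing was flagged.

    NetworkPolicy semantics: a rule with no `from`/`to` matches every peer and a
    rule with no `ports` matches every port. An empty rule list under a declared
    policyType is deny-all, which is the safe default and is not flagged.
    """
    findings = []
    name = policy.get("metadata", {}).get("name", "<unnamed>")
    spec = policy.get("spec", {})
    # If policyTypes is omitted, Kubernetes assumes Ingress, plus Egress when egress rules exist.
    policy_types = spec.get("policyTypes") or (["Ingress"] + (["Egress"] if "egress" in spec else []))
    for direction, peer_key in (("ingress", "from"), ("egress", "to")):
        if direction.capitalize() not in policy_types:
            continue  # this direction is not governed by the policy
        for rule in spec.get(direction) or []:
            if not rule.get(peer_key):
                findings.append(f"{name}: {direction} rule allows any peer")
            if not rule.get("ports"):
                findings.append(f"{name}: {direction} rule allows any port")
    if spec.get("podSelector", {}) == {} and findings:
        findings.append(f"{name}: empty podSelector applies these rules to every pod in the namespace")
    return findings


if __name__ == "__main__":
    for pol in (SECURE_POLICY, INSECURE_POLICY):
        print(pol["metadata"]["name"], audit_policy(pol) or ["OK"])
```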