Network policies
Network policies provide a way to control traffic between pods and services within a Kubernetes cluster. There are several reasons to use them:
- security - network policies restrict access to and from pods and limit exposure by defining which pods are allowed to communicate
- isolation - can be achieved at the namespace level or at the application level by defining which services can communicate with each other
- compliance - network policies can help meet regulatory requirements
In the next chapters, the described CNI plugins will be used to secure traffic for each of the tools listed in the chapter Connect The Dots. To demonstrate the use of network policies with each CNI plugin, the following examples will be prepared:
- How to allow / deny traffic from another namespace?
- How to allow / deny traffic from a specific IP range?
- How to generate logs for specific traffic?
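
A baseline for the first two questions, written against the standard `networking.k8s.io/v1` NetworkPolicy API. This is an added example, not taken from the later chapters; the namespaces `app` and `monitoring`, the labels, the port and the CIDRs are assumptions. The standard API has no logging field, so the third question depends on the CNI plugin.

```yaml
# Constructed example: namespace names, labels, port and CIDRs are hypothetical.
# 1) Default deny: select every pod in "app" and allow no ingress at all.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: app
spec:
  podSelector: {}          # empty selector = all pods in this namespace
  policyTypes:
    - Ingress              # no ingress rules listed, so all ingress is denied
---
# 2) Allow ingress to pods labelled app=api from one other namespace
#    and from one external IP range. Policies are additive, so this
#    opens a hole in the default deny above for the selected pods only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-monitoring-and-office
  namespace: app
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Any pod in the namespace named "monitoring". Kubernetes sets the
        # kubernetes.io/metadata.name label on every namespace automatically.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring
        # A separate list item is an OR: this range is allowed as well,
        # minus the carved-out upper half.
        - ipBlock:
            cidr: 203.0.113.0/24
            except:
              - 203.0.113.128/25
      ports:
        - protocol: TCP
          port: 8443
```

These manifests are enforced only when the cluster's CNI plugin implements NetworkPolicy; without such a plugin they are accepted by the API server but have no effect.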