Cloud Intermediate

Kubernetes Network Policies¶

KubernetesNetwork PolicySecurity 3 min read

Síťový firewall v Kubernetes. Ingress a egress pravidla, namespace izolace.

Default Deny¶

# Zamkni vše — default deny
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: production
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]

Selektivní povolení¶

# Povol traffic jen od frontend k API
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-api
spec:
  podSelector:
    matchLabels: {app: api}
  ingress:
    - from:
        - podSelector:
            matchLabels: {app: frontend}
      ports:
        - {protocol: TCP, port: 8080}

Summary¶

Network Policies = mikrosegmentace v K8s. Začněte default deny, pak povolujte explicitně.

Need Help with Implementation?¶

Our team has experience designing and implementing modern architectures. We’re happy to help.

Free Consultation

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Kubernetes Network Policies

Kubernetes Network Policies¶

Default Deny¶

Selektivní povolení¶

Summary¶

Need Help with Implementation?¶

CORE SYSTEMS tým

Další know-how

OpenStack — building a private cloud from scratch

Container orchestration: Kubernetes vs Mesos vs Swarm

Kubernetes 1.0: Production Container Orchestration Is Here