_CORE
Services
AI & Agentic Systems Core Information Systems Cloud & Platform Engineering Data Platform & Integration Security & Compliance QA, Testing & Observability IoT, Automation & Robotics Mobile & Digital
Industries
Banking & Finance Insurance Public Administration Defense & Security Healthcare Energy & Utilities Telco & Media Manufacturing Logistics & E-commerce Retail & Loyalty
References Technologies
Lab
Blog Know-how Tools
About Collaboration Careers
Language
CS EN
Let's talk

Network Policies in Kubernetes

14. 09. 2025 1 min read intermediate

Without network policies, every pod can communicate with every other pod. Default deny + explicit allow is the foundation.

Default Deny

apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: [Ingress, Egress]

Allowing Specific Communication

apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-frontend-to-api spec: podSelector: matchLabels: app: api ingress: - from: - podSelector: matchLabels: app: frontend ports: - port: 8080 egress: - to: - podSelector: matchLabels: app: postgres ports: - port: 5432

Key Takeaway

Default deny all, then allow explicitly. Requires CNI plugin (Calico, Cilium).

securitykubernetesnetwork policy
Share:

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Další know-how

Kubernetes Security Hardening

Bezpečný K8s cluster. RBAC, network policies, pod security, secrets.

Secrets in Kubernetes

How to properly manage secrets in K8s. External Secrets, Sealed Secrets, Vault.

Kubernetes RBAC — Access Control in a Multi-Tenant Cluster

RBAC in Kubernetes 1.6 finally enables granular access control. How we set up isolation for multiple teams in a...