Extending the deployments with network policies

A NetworkPolicy regulates which pods can talk to which other pods.

Simply put, if you don't want your database to talk to anything other than a specific service, you can use a network policy like this:

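apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-network-policy
  namespace: default
spec:
  # The policy applies to pods labelled app=db
  podSelector:
    matchLabels:
      app: db
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only pods labelled app=my-app may connect to the database on TCP 5432
    - from:
        - podSelector:
            matchLabels:
              app: my-app
      ports:
        - protocol: TCP
          port: 5432
  egress:
    # The database may only open connections to app=my-app pods;
    # the port listed here is the destination port on those pods
    - to:
        - podSelector:
            matchLabels:
              app: my-app
      ports:
        - protocol: TCP
          port: 5432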

to restrict traffic to the database.
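To see what this policy permits and what it drops, the following added example (not part of the original page) evaluates connections against the same rules in Python. The dictionary form of the policy, the pod label sets and the function names are constructed for illustration; it assumes all pods are in the `default` namespace, that no other NetworkPolicy selects them, and that a CNI plugin is enforcing the policy.

```python
# Constructed model of db-network-policy: selectors are matchLabels dicts,
# ports are (protocol, destination port) pairs.
POLICY = {
    "podSelector": {"app": "db"},
    "policyTypes": ["Ingress", "Egress"],
    "ingress": [{"peers": [{"app": "my-app"}], "ports": [("TCP", 5432)]}],
    "egress": [{"peers": [{"app": "my-app"}], "ports": [("TCP", 5432)]}],
}

# Constructed pod label sets used as sample input.
DB, APP = {"app": "db"}, {"app": "my-app"}
OTHER, DNS = {"app": "other"}, {"k8s-app": "kube-dns"}


def matches(selector, labels):
    """matchLabels semantics: every key/value in the selector must be on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())


def rule_allows(rules, peer, proto, port):
    """True if any rule lists both a matching peer and the destination port."""
    return any(
        any(matches(sel, peer) for sel in rule["peers"])
        and (proto, port) in rule["ports"]
        for rule in rules
    )


def allowed(policy, src, dst, proto, port):
    """Decide whether a new connection src -> dst:port passes this one policy.

    A pod selected by the policy is isolated for each listed policyType, so
    only connections matching a rule pass. Pods that are not selected are
    unrestricted. Replies on an allowed connection are implicitly allowed.
    """
    sel, types = policy["podSelector"], policy["policyTypes"]
    if "Egress" in types and matches(sel, src):
        if not rule_allows(policy["egress"], dst, proto, port):
            return False
    if "Ingress" in types and matches(sel, dst):
        if not rule_allows(policy["ingress"], src, proto, port):
            return False
    return True


if __name__ == "__main__":
    for name, args in [("my-app -> db:5432", (APP, DB, "TCP", 5432)),
                       ("other  -> db:5432", (OTHER, DB, "TCP", 5432)),
                       ("db     -> dns:53", (DB, DNS, "UDP", 53))]:
        print(name, "allowed" if allowed(POLICY, *args) else "denied")
```

Because `Egress` is listed in `policyTypes`, the database pod also loses DNS lookups and any other outbound connection that is not to `my-app` on TCP 5432.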

important

A NetworkPolicy without a Network plugin in the cluster will not do anything.

A networking plugin is a CNI plugin such as Calico.

Kind has its own CNI implementation using kindnet.