Extending the deployments with network policies
A Network Policy can regulate what can talk to what.
Simply put, if you don't want your database to talk to anything other than a specific service, you can use a network policy like this:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: db-network-policy
namespace: default
spec:
podSelector:
matchLabels:
app: db
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: my-app
ports:
- protocol: TCP
port: 5432
egress:
- to:
- podSelector:
matchLabels:
app: my-app
ports:
- protocol: TCP
port: 5432
to restrict traffict to the database.
important
A NetworkPolicy without a Network plugin in the cluster will not do anything.
A networking plugin is a CNI like calico.
Kind has its own CNI implementation using kindnet
.