Kubernetes Network Policy: Deny All Traffic for Better Cluster Isolation

Real-World Use Case: Implementing a deny-all policy ensures that no pod in the namespace where it is created can send or receive traffic unless another NetworkPolicy explicitly allows it, offering maximum isolation and a secure default in your Kubernetes cluster. Because the policy below also denies egress, it blocks DNS as well, so any additional allow policies must re-open that traffic where it is needed.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
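
As an added example (not part of the original page), the following Python model shows how the deny-all policy above combines with a second, constructed allow-dns-egress policy under the NetworkPolicy semantics: policies are additive, a selected pod becomes isolated per direction, and traffic passes only if some selecting policy allows it. The from/to peer selectors are assumed to match, which is a simplification.

```python
"""Model of NetworkPolicy isolation semantics (added example, not from the page).
Policies are dicts equivalent to their YAML. An empty podSelector matches every
pod in the namespace; a selected pod is isolated per policyTypes direction and
traffic then passes only if some selecting policy's rule allows it. Only port
rules are modelled: from/to peer selectors are assumed to match (simplification).
"""

# The deny-all policy from the manifest above.
DENY_ALL = {
    "metadata": {"name": "deny-all", "namespace": "default"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]},
}

# Constructed companion policy: re-allow DNS egress so pods can still resolve names.
ALLOW_DNS_EGRESS = {
    "metadata": {"name": "allow-dns-egress", "namespace": "default"},
    "spec": {
        "podSelector": {},
        "policyTypes": ["Egress"],
        "egress": [{"ports": [{"protocol": "UDP", "port": 53}]}],
    },
}

def selects(selector, labels):
    """Empty selector matches all pods; otherwise every matchLabels entry must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def allowed(policies, pod, direction, port=None, protocol="TCP"):
    """Return True if `pod` ({"namespace": ..., "labels": {...}}) may pass traffic
    in `direction` ("Ingress" or "Egress") on the given port/protocol."""
    isolated = False
    for pol in policies:
        spec = pol["spec"]
        if pol["metadata"]["namespace"] != pod["namespace"]:
            continue  # a NetworkPolicy only affects pods in its own namespace
        if not selects(spec["podSelector"], pod["labels"]):
            continue
        types = spec.get("policyTypes") or ["Ingress"] + (["Egress"] if "egress" in spec else [])
        if direction not in types:  # default types: Ingress, plus Egress if present
            continue
        isolated = True  # selected by at least one policy for this direction
        for rule in spec.get(direction.lower(), []):
            ports = rule.get("ports")
            if ports is None:
                return True  # a rule without ports allows every port
            if any(p.get("protocol", "TCP") == protocol and p.get("port") == port
                   for p in ports):
                return True
    return not isolated  # a pod selected by no policy accepts everything
```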

Testing the Policy:

Create two pods:

kubectl run pod-a --image=busybox --restart=Never -- sleep 3600
kubectl run pod-b --image=busybox --restart=Never -- sleep 3600

Open a shell in pod-a and try to reach pod-b, replacing pod-b-ip with the IP address assigned to pod-b:

kubectl exec -it pod-a -- sh
ping pod-b-ip

Expected Result: The ping should fail because the deny-all policy blocks all ingress to pod-b and all egress from pod-a. This holds only when the cluster's CNI plugin enforces NetworkPolicy; on a CNI without policy support the object is accepted by the API server but has no effect, and the ping succeeds.

Deleting Pods and Network Policy:

kubectl delete pod pod-a
kubectl delete pod pod-b
kubectl delete networkpolicy deny-all -n default