Kubernetes Network Policy: Limit Traffic Between Frontend and Backend Pods

Real-World Use Case: Restricting ingress to backend pods so that only pods in the frontend namespace can reach them enforces a separation of duties: only trusted services can interact with sensitive backend applications, and a compromised pod elsewhere in the cluster cannot reach them directly.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: backend          # a NetworkPolicy only applies to pods in its own namespace
spec:
  podSelector:
    matchLabels:
      app: backend            # the pods this policy isolates
  policyTypes:
  - Ingress                   # only inbound traffic is restricted; egress is untouched
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: frontend      # any pod in a namespace carrying this label may connect

Testing the Policy:

Create the two namespaces, label the frontend namespace so the policy's namespaceSelector matches it, and start a pod in each:

kubectl create ns frontend
kubectl create ns backend
kubectl label namespaces frontend name=frontend
kubectl run backend-pod --image=busybox --restart=Never --labels=app=backend -n backend -- sleep 3600
kubectl run frontend-pod --image=busybox --restart=Never -n frontend -- sleep 3600

Open a shell in the frontend pod and try to reach the backend pod (backend-ip stands for the backend pod's IP address):

kubectl exec -n frontend -it frontend-pod -- sh
ping backend-ip

Expected Result: The ping should succeed, since the policy allows ingress from the frontend namespace. Note that NetworkPolicy is enforced only by a network plugin (CNI) that supports it; on a cluster whose plugin ignores NetworkPolicy the ping succeeds regardless of the policy, so a successful ping alone does not prove the policy is working.
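The page's test only exercises the allow case. To see why the policy above behaves as it does, and what the deny cases look like, here is an added example (not part of the original page and not Kubernetes' own code) that models the ingress semantics the manifest relies on: a pod selected by no Ingress policy is not isolated, a selected pod accepts only sources matched by some rule, and a `from` entry's namespaceSelector is tested against the source namespace's labels. The manifest is transcribed into a Python dict so the script runs offline without a cluster or a YAML library; the extra namespace `other` and the pods `scratch-pod` and `debug-pod` are constructed for the scenarios, and the Pod class, `ingress_allowed` and `run_scenarios` are this example's own names. Ports and ipBlock peers are not modelled because the manifest uses neither.

```python
"""Offline evaluator for the ingress semantics used by the allow-frontend policy.

Added example, not code from the original page or from Kubernetes. It models
only the NetworkPolicy features the manifest uses: podSelector, policyTypes,
and ingress `from` entries with namespaceSelector / podSelector.
"""
from dataclasses import dataclass, field

# The page's manifest, transcribed into a dict (no YAML dependency needed).
ALLOW_FRONTEND = {
    "metadata": {"name": "allow-frontend", "namespace": "backend"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "backend"}},
        "policyTypes": ["Ingress"],
        "ingress": [
            {"from": [{"namespaceSelector": {"matchLabels": {"name": "frontend"}}}]}
        ],
    },
}


@dataclass
class Pod:  # hypothetical helper type for the scenarios below
    name: str
    namespace: str
    labels: dict = field(default_factory=dict)


def selector_matches(selector, labels):
    """matchLabels semantics: every key/value must be present.
    A missing or empty selector matches everything."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def peer_matches(peer, policy_ns, src, ns_labels):
    """One entry of `from`. namespaceSelector and podSelector in the SAME entry
    are ANDed; separate entries in the `from` list are ORed by the caller."""
    has_ns, has_pod = "namespaceSelector" in peer, "podSelector" in peer
    if has_ns and not selector_matches(peer["namespaceSelector"], ns_labels.get(src.namespace, {})):
        return False
    if has_pod:
        # podSelector without namespaceSelector is scoped to the policy's own namespace
        if not has_ns and src.namespace != policy_ns:
            return False
        if not selector_matches(peer["podSelector"], src.labels):
            return False
    return has_ns or has_pod  # an entry with neither selector (e.g. ipBlock) is not modelled


def ingress_allowed(policies, src, dst, ns_labels):
    """True if traffic from pod `src` to pod `dst` is permitted.

    - a pod selected by no Ingress policy is not isolated: everything is allowed
    - once isolated, traffic is allowed if ANY rule of ANY selecting policy matches
    - a rule without `from` (or with an empty list) allows every source
    - `ingress: []` with policyTypes Ingress denies all inbound traffic
    """
    isolated = False
    for pol in policies:
        spec = pol["spec"]
        if pol["metadata"]["namespace"] != dst.namespace:
            continue  # policies never reach across namespaces
        if not selector_matches(spec.get("podSelector"), dst.labels):
            continue  # this policy does not select the destination pod
        if "Ingress" not in spec.get("policyTypes", ["Ingress"]):
            continue
        isolated = True
        for rule in spec.get("ingress", []):
            peers = rule.get("from")
            if not peers:
                return True
            if any(peer_matches(p, dst.namespace, src, ns_labels) for p in peers):
                return True
    return not isolated


def run_scenarios():
    """The page's allow case plus the deny cases a policy test should cover."""
    ns_labels = {                      # constructed namespace labels
        "frontend": {"name": "frontend"},  # labelled as in the page's kubectl step
        "backend": {"name": "backend"},
        "other": {},                       # constructed: an unlabelled third namespace
    }
    backend = Pod("backend-pod", "backend", {"app": "backend"})
    frontend = Pod("frontend-pod", "frontend")
    scratch = Pod("scratch-pod", "other")
    debug = Pod("debug-pod", "backend", {"app": "debug"})  # in backend ns, not selected
    policies = [ALLOW_FRONTEND]
    return {
        "frontend -> backend": ingress_allowed(policies, frontend, backend, ns_labels),
        "other -> backend": ingress_allowed(policies, scratch, backend, ns_labels),
        "frontend without name label -> backend":
            ingress_allowed(policies, frontend, backend, {"frontend": {}}),
        "other -> unselected pod in backend ns": ingress_allowed(policies, scratch, debug, ns_labels),
        "other -> backend with no policy applied": ingress_allowed([], scratch, backend, ns_labels),
    }


if __name__ == "__main__":
    for case, allowed in run_scenarios().items():
        print(f"{case:45s} {'ALLOW' if allowed else 'DENY'}")
```

Two of the scenarios are worth repeating against a real cluster: a pod in a namespace that lacks the `name=frontend` label must be denied (if the frontend namespace is created without the label, the frontend pod is denied too), and a pod in the backend namespace that does not carry `app: backend` stays reachable from anywhere because no policy selects it. Recent Kubernetes releases also set the `kubernetes.io/metadata.name` label on every namespace automatically, which avoids depending on a manually applied label.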

Deleting Pods, Namespaces, and Network Policy:

kubectl delete pod frontend-pod -n frontend
kubectl delete pod backend-pod -n backend
kubectl delete networkpolicy allow-frontend -n backend
kubectl delete ns frontend
kubectl delete ns backend