Network Policies

Ingress

Network policies restrict and allow communication between Pods by defining what kind of traffic may flow into and out of a Pod, namely:

  • Ingress for traffic entering the pod.
  • Egress for traffic leaving the pod.

Suppose we want to make sure that our database pod can receive requests. For that traffic to enter the database pod, we need to add an Ingress policy rule.

Response to Ingress Request is NOT Egress

It is important to understand that responses to ingress requests are allowed by the default policy and are NOT considered egress.
Egress is when the database (or whichever pod is in question) is the origin of the request, i.e. it makes a request to an API server etc.

Ingress and Egress

To make sure that only certain pods from certain namespaces can reach the pod, we use the namespaceSelector property. If we specify only a namespace selector and no pod selector, all pods in the selected namespaces can access the database pod. Using ipBlock, we can make sure that only the pods with the whitelisted (explicitly defined) IP addresses can access the database pod.

Egress

Egress is configured in the same way as ingress, but the same information is defined in the to section. A good example would be a worker that takes backups and pushes them to a backup server.
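The following is an added example, not part of the original note, showing both cases above in one file: an ingress policy for the database pod that combines namespaceSelector, podSelector and ipBlock, and an egress policy for the backup worker. All labels, namespace names, CIDRs and ports are assumed values.

```yaml
# Added example; labels, namespace, CIDRs and ports are assumed values.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: database-ingress
  namespace: prod                  # assumed namespace of the database pod
spec:
  podSelector:
    matchLabels:
      app: database                # assumed label on the database pod
  policyTypes:
    - Ingress                      # egress is left unrestricted
  ingress:
    - from:
        # One list item carrying BOTH selectors: only pods labelled role=api
        # in namespaces labelled team=backend (logical AND). Split into two
        # items they would be OR'd and every pod in those namespaces allowed.
        - namespaceSelector:
            matchLabels:
              team: backend
          podSelector:
            matchLabels:
              role: api
        # Second, OR'd item: a fixed IP range, e.g. an admin bastion
        - ipBlock:
            cidr: 10.0.5.0/24        # assumed range
      ports:
        - protocol: TCP
          port: 5432
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backup-worker-egress
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: backup-worker           # assumed label on the worker pod
  policyTypes:
    - Egress                       # ingress is left unrestricted
  egress:
    # Only connections the worker itself opens are matched here;
    # replies to its own inbound traffic are not egress.
    - to:
        - ipBlock:
            cidr: 192.0.2.10/32      # assumed backup server address
      ports:
        - protocol: TCP
          port: 22
```

Once policyTypes lists Egress, any connection the worker opens that no rule matches is dropped, including DNS lookups; if the backup server is addressed by name rather than IP, a further egress rule allowing port 53 to the cluster DNS is needed.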