Network Policy
ELI5 — The Vibe Check
Network policies in Kubernetes are like firewall rules for pods. By default, every pod can talk to every other pod — which is fine until you realize your frontend pods can directly access the database. Network policies let you say 'only the API pods can talk to the database pod.' It's micro-firewall rules for your microservices.
Real Talk
Kubernetes Network Policies are resources that control traffic flow between pods and/or network endpoints. They use label selectors to define which pods can communicate, supporting ingress and egress rules based on pod labels, namespaces, and IP blocks. They require a CNI plugin that supports NetworkPolicy (Calico, Cilium, Weave Net); without one, the API server accepts the policy objects but they are never enforced, so the cluster stays wide open.
Show Me The Code
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-access
spec:
  podSelector:
    matchLabels:
      app: database
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: api
    ports:
    - port: 5432
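As an added example that is not part of the original page: the db-access policy above only isolates the database pods, and only for ingress. A namespace-wide default deny plus an explicit egress policy for the api pods shows the other building blocks the section lists (egress, namespaceSelector, ipBlock). The namespace, the kube-dns labels, and the CIDR are assumptions for illustration.

```yaml
# Added example, not from the page; labels and CIDR are assumed values
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
spec:
  podSelector: {}          # empty selector = every pod in the namespace
  policyTypes: ["Ingress", "Egress"]
  # no ingress/egress entries: nothing is allowed until another policy adds it
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-egress
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: ["Egress"]
  egress:
  # DNS: once egress is restricted, pods cannot resolve names unless this is allowed
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # database in the same namespace (pairs with the db-access ingress rule above)
  - to:
    - podSelector:
        matchLabels:
          app: database
    ports:
    - protocol: TCP
      port: 5432
  # an external range by CIDR, with one host carved out of it
  - to:
    - ipBlock:
        cidr: 10.40.0.0/16
        except: ["10.40.0.1/32"]
    ports:
    - protocol: TCP
      port: 443
```

Apply both with kubectl apply -n <namespace> -f; a namespaceSelector and podSelector inside the same `to` entry are ANDed, while separate entries are ORed.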
When You'll Hear This
"Network policies restrict database access to only the API pods." / "Without network policies, any pod in the cluster can talk to any other pod."
Related Terms
Cloud Firewall
A cloud firewall is a virtual bouncer that controls what traffic can enter and leave your cloud resources.
Kubernetes
Kubernetes is a robot manager for your containers.
Microsegmentation
Microsegmentation is network segmentation dialed up to 11. Instead of segmenting by subnet, you create rules for EVERY workload.
Security Group
A security group is a firewall for your cloud resources. You write rules like 'allow port 443 from anywhere' or 'allow port 5432 only from the app servers.'