
Network Policies

Traffic

[Figure: a Web pod listening on port 80, an API pod on port 5000 and a DB pod on port 3306. Each hop between them is shown twice: as Egress leaving the sender and as Ingress arriving at the receiver.]

Traffic, hop by hop:

1  Ingress  80
2  Egress   5000
3  Ingress  5000 (API)
4  Egress   3306
5  Ingress  3306
Network Security

[Figure: three nodes, Node1 at 192.168.1.11, Node2 at 192.168.1.12 and Node3 at 192.168.1.13, each hosting pods from its own 10.244.x.0/24 range (10.244.1.3, 10.244.1.4, 10.244.1.5 on Node1; 10.244.2.3, 10.244.2.4, 10.244.2.5 on Node2; 10.244.3.3, 10.244.3.4, 10.244.3.5 on Node3). Every pod can reach every other pod, on any node.]

"All Allow": the cluster's default rule, under which any pod may talk to any other pod.
Traffic

[Figure: under the default "All Allow" rule, the Web pod (port 80), the API pod (port 5000) and the DB pod (port 3306) can all reach one another, including Web pod to DB pod directly.]

Network Policy

[Figure: a Network Policy attached to the DB pod. Only the API pod's traffic to port 3306 reaches the DB pod.]

Allow Ingress Traffic From API Pod on Port 3306
Network Policy - Selectors

Allow Ingress Traffic From API Pod on Port 3306

The policy is attached to the DB pod by matching the pod's labels:

Network Policy:
  podSelector:
    matchLabels:
      role: db

DB Pod:
  labels:
    role: db
Network Policy - Rules

Allow Ingress Traffic From API Pod on Port 3306:

policyTypes:
- Ingress
ingress:
- from:
  - podSelector:
      matchLabels:
        name: api-pod
  ports:
  - protocol: TCP
    port: 3306
Network Policy

policy-definition.yaml:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: api-pod
    ports:
    - protocol: TCP
      port: 3306

kubectl create -f policy-definition.yaml
Note

Solutions that Support Network Policies:
• Kube-router
• Calico
• Romana
• Weave-net

Solutions that DO NOT Support Network Policies:
• Flannel
[Figure series: an Internal pod exposed on NodePort 30080, an External pod, a Payroll pod and a DB pod. The slides step through which of these pods may reach which others once a "Payroll-Policy" is attached to the Payroll pod, marking each path still in question with "?".]
Network Policies

[Figure: the Web pod (port 80), the API pod (port 5000) and the DB pod (port 3306); the Network Policy is attached to the DB pod.]

Selecting the DB pod:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
With the policy type:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
[Figure: API pods exist in the dev, prod and test namespaces, alongside a Web pod and the DB pod on port 3306.]

With an ingress rule from the API pod:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: api-pod
    ports:
    - protocol: TCP
      port: 3306
Narrowing the source to the API pod in the prod namespace. The podSelector and the namespaceSelector sit in the same from entry, so both must match:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: api-pod
      namespaceSelector:
        matchLabels:
          name: prod
    ports:
    - protocol: TCP
      port: 3306

[Figure: the same cluster with a Backup Server outside it at 192.168.5.10.]
Allowing the Backup Server as well. Here the three selectors are separate from entries, so matching any one of them is enough:

spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: api-pod
    - namespaceSelector:
        matchLabels:
          name: prod
    - ipBlock:
        cidr: 192.168.5.10/32
    ports:
    - protocol: TCP
      port: 3306
Letting the DB pod push backups to the Backup Server: Egress is added to policyTypes and an egress rule allows 192.168.5.10 on port 80:

spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: api-pod
    ports:
    - protocol: TCP
      port: 3306
  egress:
  - to:
    - ipBlock:
        cidr: 192.168.5.10/32
    ports:
    - protocol: TCP
      port: 80
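The following is an added example, not code from the slides or the course; it models how a NetworkPolicy's ingress and egress rules are evaluated so that the two points above can be checked on sample data: selectors in the same from entry must all match, while separate entries are alternatives, and a policy only restricts egress once Egress is listed in policyTypes. The policies are the three db-policy variants above rebuilt as Python dicts; the policy namespace (prod), the pod IPs, the "name" labels on namespaces and the helper names (labels_match, peer_matches, policy_allows, db_policy) are all assumptions for this example.

```python
"""Model of NetworkPolicy ingress/egress evaluation (added example, not from the slides).

spec.podSelector picks the pods the policy applies to; policyTypes says which
directions it restricts; each ingress/egress rule lists peers (podSelector,
namespaceSelector, ipBlock) and ports. Policies and endpoints are constructed dicts.
"""
import ipaddress


def labels_match(selector, labels):
    """matchLabels semantics: every requested key/value must be present.
    An empty selector matches everything, as in Kubernetes."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def peer_matches(peer, endpoint, policy_ns):
    """One NetworkPolicyPeer against one endpoint.
    Pod endpoints carry labels/ns/ns_labels; a bare address (the backup server)
    carries only an ip and can therefore be matched by ipBlock alone."""
    if "ipBlock" in peer:
        ip = ipaddress.ip_address(endpoint["ip"])
        block = peer["ipBlock"]
        if ip not in ipaddress.ip_network(block["cidr"]):
            return False
        return not any(ip in ipaddress.ip_network(x) for x in block.get("except", []))
    if "labels" not in endpoint:
        return False
    has_ns = "namespaceSelector" in peer
    # podSelector and namespaceSelector inside the SAME peer must both hold (AND).
    if has_ns and not labels_match(peer["namespaceSelector"], endpoint["ns_labels"]):
        return False
    if "podSelector" in peer:
        if not labels_match(peer["podSelector"], endpoint["labels"]):
            return False
        # A podSelector without a namespaceSelector only covers the policy's own namespace.
        if not has_ns and endpoint["ns"] != policy_ns:
            return False
    return True


def policy_allows(policy, direction, pod, remote, port, protocol="TCP"):
    """Is the connection allowed? direction is 'ingress' (remote -> pod) or 'egress' (pod -> remote).
    Rules in a list are ORed; a rule with no peers or no ports matches any peer / any port."""
    spec = policy["spec"]
    policy_ns = policy["metadata"].get("namespace", "default")
    if pod["ns"] != policy_ns or not labels_match(spec["podSelector"], pod["labels"]):
        return True  # the policy does not select this pod, so it restricts nothing
    # Default policyTypes: Ingress always; Egress only if egress rules are present.
    kinds = spec.get("policyTypes") or (["Ingress"] + (["Egress"] if "egress" in spec else []))
    if direction.capitalize() not in kinds:
        return True
    peer_key = "from" if direction == "ingress" else "to"
    for rule in spec.get(direction, []):
        peers = rule.get(peer_key, [])
        peer_ok = not peers or any(peer_matches(p, remote, policy_ns) for p in peers)
        ports = rule.get("ports", [])
        port_ok = not ports or any(
            p.get("port") == port and p.get("protocol", "TCP") == protocol for p in ports)
        if peer_ok and port_ok:
            return True
    return False


def db_policy(from_peers, egress=None):
    """Build the slides' db-policy with the given ingress peers (namespace 'prod' is assumed)."""
    spec = {"podSelector": {"matchLabels": {"role": "db"}},
            "policyTypes": ["Ingress"],
            "ingress": [{"from": from_peers, "ports": [{"protocol": "TCP", "port": 3306}]}]}
    if egress is not None:
        spec["policyTypes"].append("Egress")
        spec["egress"] = egress
    return {"metadata": {"name": "db-policy", "namespace": "prod"}, "spec": spec}


# Constructed endpoints; namespaces are assumed to carry the 'name' label the YAML expects.
DB_POD = {"ip": "10.244.1.3", "ns": "prod", "labels": {"role": "db"}, "ns_labels": {"name": "prod"}}
API_PROD = {"ip": "10.244.1.4", "ns": "prod", "labels": {"name": "api-pod"}, "ns_labels": {"name": "prod"}}
API_DEV = {"ip": "10.244.2.4", "ns": "dev", "labels": {"name": "api-pod"}, "ns_labels": {"name": "dev"}}
WEB_PROD = {"ip": "10.244.3.3", "ns": "prod", "labels": {"name": "web-pod"}, "ns_labels": {"name": "prod"}}
BACKUP = {"ip": "192.168.5.10"}  # the backup server, outside the cluster

# podSelector + namespaceSelector in ONE from entry: only the API pod in prod.
COMBINED = db_policy([{"podSelector": {"matchLabels": {"name": "api-pod"}},
                       "namespaceSelector": {"matchLabels": {"name": "prod"}}}])
# Three SEPARATE from entries: api-pod in this namespace, OR any pod in prod, OR the backup host.
SEPARATE = db_policy([{"podSelector": {"matchLabels": {"name": "api-pod"}}},
                      {"namespaceSelector": {"matchLabels": {"name": "prod"}}},
                      {"ipBlock": {"cidr": "192.168.5.10/32"}}])
# Ingress from the API pod, plus egress only to the backup server on port 80.
WITH_EGRESS = db_policy([{"podSelector": {"matchLabels": {"name": "api-pod"}}}],
                        egress=[{"to": [{"ipBlock": {"cidr": "192.168.5.10/32"}}],
                                 "ports": [{"protocol": "TCP", "port": 80}]}])

if __name__ == "__main__":
    for name, pol in (("combined", COMBINED), ("separate", SEPARATE)):
        for label, src in (("api/prod", API_PROD), ("api/dev", API_DEV),
                           ("web/prod", WEB_PROD), ("backup", BACKUP)):
            print(f"{name:8} {label:9} -> db:3306  {policy_allows(pol, 'ingress', DB_POD, src, 3306)}")
    print("with_egress db -> backup:80 ", policy_allows(WITH_EGRESS, "egress", DB_POD, BACKUP, 80))
    print("with_egress db -> backup:443", policy_allows(WITH_EGRESS, "egress", DB_POD, BACKUP, 443))
```

Running the file prints one decision per source pod. The difference worth noticing is the Web pod in prod: the combined form rejects it, while the separate form admits it, because the standalone namespaceSelector entry matches every pod in prod, not just the API pod. The egress variant shows the other half of the picture: until Egress appears in policyTypes the DB pod may connect anywhere, and once it does, only the listed destination and port remain open.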
