AKS Network Policy: Locking Down Traffic

By default, Kubernetes networking is flat: any pod can talk to any other pod. In a multi-tenant cluster, this is a security violation.

Deny All Strategy

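We implement a “Zero Trust” network policy. The empty podSelector below selects every pod in the policy's namespace, and because the policy lists no ingress rules, all inbound traffic to those pods is denied. Two caveats: policyTypes lists only Ingress, so outbound traffic is not restricted, and on AKS the policy is only enforced when the cluster has a network policy engine enabled.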

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress

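Then we explicitly allow traffic, here from frontend pods to backend pods in the same namespace:

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-frontend-to-backend   # example name, not from the original post
spec:
  # Applies to pods labelled app=backend
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  # Only pods labelled app=frontend may connect
  - from:
    - podSelector:
        matchLabels:
          app: frontend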
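
How the two policies above combine, as an added example that is not part of the original post: a simplified Python model of NetworkPolicy ingress evaluation. It assumes a single namespace, matchLabels-only selectors and no port rules; the policy name allow-frontend-to-backend and the function names are made up for illustration.

```python
# Added example: simplified model of how NetworkPolicy ingress rules combine.
# Assumptions: one namespace, matchLabels-only selectors, no ports or ipBlock.

DENY_ALL = {
    "name": "deny-all",
    "podSelector": {},
    "policyTypes": ["Ingress"],
}
ALLOW_FRONTEND = {
    "name": "allow-frontend-to-backend",  # hypothetical name
    "podSelector": {"matchLabels": {"app": "backend"}},
    "policyTypes": ["Ingress"],
    "ingress": [
        {"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}]}
    ],
}


def selects(selector, labels):
    """An empty selector ({}) matches every pod in the namespace."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(key) == value for key, value in wanted.items())


def ingress_allowed(policies, src_labels, dst_labels):
    """Return True if a pod with src_labels may connect to one with dst_labels."""
    applicable = [
        p for p in policies
        if "Ingress" in p.get("policyTypes", ["Ingress"])
        and selects(p["podSelector"], dst_labels)
    ]
    if not applicable:
        return True  # no policy selects the destination: flat network applies
    # Policies are additive: one matching allow rule in any policy is enough.
    for policy in applicable:
        for rule in policy.get("ingress", []):
            peers = rule.get("from")
            if not peers:
                return True  # a rule without "from" allows every source
            for peer in peers:
                if "podSelector" in peer and selects(peer["podSelector"], src_labels):
                    return True
    return False  # destination is isolated and no rule matched the source
```

The model shows why the order of the two manifests does not matter: deny-all only isolates the pods, and the allow policy adds an exception on top of that isolation.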
