There are two types of traffic in Kubernetes:
Ingress traffic: Traffic coming into a pod.
This includes connections from other pods inside the cluster or from outside sources (e.g., Internet, LoadBalancer).
Egress traffic: Traffic leaving a pod.
This can be directed to other pods in the cluster or to external services (e.g., public APIs, external databases).
NetworkPolicies allow you to control which communication flows are allowed to and from your pods, for both ingress and egress directions.
So for a typical web application you end up with: an Ingress rule on the front-end pods accepting the users' requests on port 80, an Ingress rule on the database pods accepting connections from the API pods, and an Egress rule on the API pods allowing them to open those connections to the database. You do not need rules for the responses: NetworkPolicy is stateful, so the reply traffic of an allowed connection is permitted automatically in the opposite direction.
A NetworkPolicy is a namespaced object that you attach to one or more pods of that namespace through its podSelector. As long as no policy selects a pod, all traffic to and from it is allowed. Once a policy selects it for a direction (Ingress or Egress), everything in that direction that no rule explicitly allows is dropped. Enforcement is done by the network (CNI) plugin: on a cluster whose plugin does not implement NetworkPolicy, the objects are accepted by the API server but have no effect.
Example between the API and the DB:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: maria-db
  policyTypes:
  - Ingress
  - Egress          # required, otherwise the egress section below is ignored
  ingress:
  - from:
    - podSelector:            # podSelector and namespaceSelector in the same
        matchLabels:          # entry: both conditions must hold (AND)
          name: api-pod
      namespaceSelector:
        matchLabels:
          name: prod
    ports:
    - protocol: TCP
      port: 3306
  egress:
  - ports:          # no 'to' field: any destination
    - protocol: TCP
      port: 80
Here, every pod carrying the label name=api-pod that lives in a namespace carrying the label name=prod gets access on 3306/TCP to every pod carrying the label role=maria-db in the namespace the policy is created in. Because podSelector and namespaceSelector sit in the same from entry they are combined with AND; written as two separate entries (two dashes), they would be ORed and any pod of a name=prod namespace would be let in. Note that namespaces carry no name label by default: either label the namespace yourself or match on the kubernetes.io/metadata.name label that Kubernetes sets automatically since v1.22.
The DB is allowed to send traffic to anyone on 80/TCP, but only if Egress is listed under policyTypes: with policyTypes containing Ingress alone, the egress section is ignored and the DB's outbound traffic stays unrestricted.
Example YAML for an Egress policy.
Here, for all pods with the label name=internal in the default namespace, we allow DNS resolution on port 53 (TCP and UDP) towards any destination, and we restrict the rest of their outbound traffic to the pods labelled
name=mysql on 3306/TCP in the default namespace
name=payroll on 8080/TCP in the default namespace
The DNS rule deliberately has no 'to' field: cluster DNS normally runs in kube-system, so limiting that rule to the default namespace would break name resolution. The two other rules use a podSelector alone, which only matches pods in the policy's own namespace (default). Everything else leaving these pods is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      name: internal
  policyTypes:
  - Egress
  egress:
  - to:
    - podSelector:        # pods labelled name=mysql in this namespace only
        matchLabels:
          name: mysql
    ports:
    - protocol: TCP
      port: 3306
  - to:
    - podSelector:        # pods labelled name=payroll in this namespace only
        matchLabels:
          name: payroll
    ports:
    - protocol: TCP
      port: 8080
  - ports:                # no 'to': DNS to any destination (e.g. kube-system)
    - protocol: TCP
      port: 53
    - protocol: UDP
      port: 53
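To check what the two policies on this page (db-policy and internal-policy) actually allow before applying them, here is an added example that is not part of these notes and not Kubernetes code: a small Python model of NetworkPolicy evaluation, with both policies embedded as the dictionaries their YAML parses to. The pods, namespaces and namespace labels are constructed fixtures, the db-policy is assumed to be created in the default namespace, and ipBlock peers and matchExpressions are not modelled. It exercises the points that are easy to get wrong: a pod that no policy selects accepts everything, podSelector and namespaceSelector in one entry are ANDed, a podSelector alone only reaches the policy's own namespace, a rule without 'to' reaches any namespace (which the DNS rule needs), a flow needs both the source's egress and the destination's ingress to agree, and an egress section is inert unless Egress is in policyTypes.

```python
"""Model of Kubernetes NetworkPolicy evaluation for the two examples above.
Added example, not Kubernetes code: fixtures are constructed to mirror the
page's YAML; ipBlock peers and matchExpressions are not modelled."""
import copy
from collections import namedtuple

Pod = namedtuple("Pod", "name namespace labels")


def selects(selector, labels):
    """matchLabels: every listed pair must be present; {} or None selects all."""
    return all(labels.get(k) == v for k, v in (selector or {}).get("matchLabels", {}).items())


def peer_matches(peer, policy_ns, other, ns_labels):
    """One from/to entry: pod AND namespace selector when both are given;
    a podSelector alone only reaches the policy's own namespace."""
    pod_sel, ns_sel = peer.get("podSelector"), peer.get("namespaceSelector")
    if ns_sel is not None:
        if not selects(ns_sel, ns_labels.get(other.namespace, {})):
            return False
        return pod_sel is None or selects(pod_sel, other.labels)
    if pod_sel is not None:
        return other.namespace == policy_ns and selects(pod_sel, other.labels)
    return False  # ipBlock-only entry: not modelled


def rule_allows(rule, peer_key, policy_ns, other, port, proto, ns_labels):
    """ports absent/empty = all ports; from/to absent/empty = any peer."""
    ports, peers = rule.get("ports"), rule.get(peer_key)
    port_ok = not ports or any(p.get("protocol", "TCP") == proto
                               and p.get("port") == port for p in ports)
    peer_ok = not peers or any(peer_matches(p, policy_ns, other, ns_labels)
                               for p in peers)
    return port_ok and peer_ok


def policy_types(spec):
    """Omitted policyTypes: Ingress, plus Egress only if an egress section exists."""
    if "policyTypes" in spec:
        return spec["policyTypes"]  # sections for unlisted types are ignored
    return ["Ingress"] + (["Egress"] if "egress" in spec else [])


def direction_allowed(direction, pod, other, port, proto, policies, ns_labels):
    """'ingress': other -> pod; 'egress': pod -> other. A pod no policy selects for
    that direction accepts everything; a selected pod only what some rule allows."""
    ptype, peer_key = direction.capitalize(), "from" if direction == "ingress" else "to"
    selected = [pol for pol in policies if pol["metadata"]["namespace"] == pod.namespace
                and selects(pol["spec"].get("podSelector"), pod.labels)
                and ptype in policy_types(pol["spec"])]
    if not selected:
        return True
    return any(rule_allows(rule, peer_key, pol["metadata"]["namespace"], other,
                           port, proto, ns_labels)
               for pol in selected for rule in pol["spec"].get(direction) or [])


def flow_allowed(src, dst, port, proto, policies, ns_labels):
    """Both ends must agree: src's egress policy AND dst's ingress policy."""
    return (direction_allowed("egress", src, dst, port, proto, policies, ns_labels)
            and direction_allowed("ingress", dst, src, port, proto, policies, ns_labels))


# Constructed fixtures (namespaces and labels are assumptions) mirroring the page.
NS_LABELS = {"default": {}, "kube-system": {}, "prod": {"name": "prod"},
             "staging": {"name": "staging"}}
DB_POLICY = {"metadata": {"name": "db-policy", "namespace": "default"}, "spec": {
    "podSelector": {"matchLabels": {"role": "maria-db"}},
    "policyTypes": ["Ingress"],  # as on the page: Egress is not listed
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"name": "api-pod"}},
                           "namespaceSelector": {"matchLabels": {"name": "prod"}}}],
                 "ports": [{"protocol": "TCP", "port": 3306}]}],
    "egress": [{"to": None, "ports": [{"protocol": "TCP", "port": 80}]}]}}
DB_POLICY_FIXED = copy.deepcopy(DB_POLICY)
DB_POLICY_FIXED["spec"]["policyTypes"] = ["Ingress", "Egress"]
INTERNAL_POLICY = {"metadata": {"name": "internal-policy", "namespace": "default"}, "spec": {
    "podSelector": {"matchLabels": {"name": "internal"}}, "policyTypes": ["Egress"],
    "egress": [{"to": [{"podSelector": {"matchLabels": {"name": "mysql"}}}],
                "ports": [{"protocol": "TCP", "port": 3306}]},
               {"to": [{"podSelector": {"matchLabels": {"name": "payroll"}}}],
                "ports": [{"protocol": "TCP", "port": 8080}]},
               {"ports": [{"protocol": "TCP", "port": 53}, {"protocol": "UDP", "port": 53}]}]}}
PODS = {"db": Pod("maria-db", "default", {"role": "maria-db"}),
        "api-prod": Pod("api", "prod", {"name": "api-pod"}),
        "api-staging": Pod("api", "staging", {"name": "api-pod"}),
        "internal": Pod("internal", "default", {"name": "internal"}),
        "mysql": Pod("mysql", "default", {"name": "mysql"}),
        "mysql-staging": Pod("mysql", "staging", {"name": "mysql"}),
        "dns": Pod("coredns", "kube-system", {"k8s-app": "kube-dns"})}


def check_examples():
    """Flows a practitioner would test on these policies: {description: allowed?}."""
    page, fixed = [DB_POLICY, INTERNAL_POLICY], [DB_POLICY_FIXED, INTERNAL_POLICY]
    def f(src, dst, port, proto="TCP", policies=page):
        return flow_allowed(PODS[src], PODS[dst], port, proto, policies, NS_LABELS)
    return {"api(prod) -> db:3306": f("api-prod", "db", 3306),
            "api(staging) -> db:3306": f("api-staging", "db", 3306),
            "db -> api(prod):443, page YAML": f("db", "api-prod", 443),
            "db -> api(prod):443, Egress listed": f("db", "api-prod", 443, policies=fixed),
            "db -> api(prod):80, Egress listed": f("db", "api-prod", 80, policies=fixed),
            "internal -> mysql(default):3306": f("internal", "mysql", 3306),
            "internal -> mysql(staging):3306": f("internal", "mysql-staging", 3306),
            "internal -> coredns(kube-system):53/UDP": f("internal", "dns", 53, "UDP")}


if __name__ == "__main__":
    for desc, ok in check_examples().items():
        print("ALLOW" if ok else "DENY ", desc)
```

Running the file prints one ALLOW/DENY line per flow. The two "db -> api(prod):443" entries are the point of the policyTypes caveat: with the YAML as written on the page the DB can reach port 443 anywhere because its egress is never restricted, and only once Egress is listed does the port 80 rule become the sole outbound path. On a real cluster the equivalent check is to exec into the client pod and try the connection (for example with nc or curl) against the target service, in both the allowed and a denied case.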