Kubernetes. namespaces isolation

4/26/2017

Previously, to restrict access between namespaces I used:

net.alpha.kubernetes.io/network-isolation: "on"

In version 1.6.1 it does not work. The currently proposed version:

net.beta.kubernetes.io/network-policy: |
  {
    "ingress": {
      "isolation": "DefaultDeny"
    }
  }

The currently proposed version is not satisfactory, because you need to create separate policies for the pods.

Is there something like this now?

-- Иван Храмов
kubernetes
kubernetes-security

2 Answers

5/5/2017

I also followed the doc (Declaring Network Policy), which specifies how you can apply the network policies. I tried all that in a minikube cluster, only to realize that the network provider should also support the NetworkPolicy.

This introductory doc says that NetworkPolicy is supported in Calico, Weave, Romana.

This doc has detailed information on which providers support NetworkPolicy.

-- surajd
Source: StackOverflow

5/11/2017

Which network provider do you use in your cluster? The network provider you use should support the NetworkPolicy. A NetworkPolicy controller must be set up in your cluster. If there is no NetworkPolicy controller running in your cluster, NetworkPolicy will not work.

-- luke
Source: StackOverflow
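
An added example, not part of the question or either answer: with the beta annotation from the question, a single NetworkPolicy with an empty `podSelector` covers every pod in the namespace, so per-pod policies are not needed to keep traffic inside the namespace. The namespace name `team-a` and policy name `allow-same-namespace` are constructed, and the `extensions/v1beta1` API group is assumed for the 1.6 release discussed here.

```yaml
# Namespace carrying the DefaultDeny annotation quoted in the question.
# "team-a" is a constructed namespace name.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  annotations:
    net.beta.kubernetes.io/network-policy: |
      {
        "ingress": {
          "isolation": "DefaultDeny"
        }
      }
---
# One policy for the whole namespace (assumed API group for 1.6:
# extensions/v1beta1). The empty spec.podSelector selects every pod in
# team-a. The empty podSelector under "from" matches only pods in the
# policy's own namespace, so ingress from other namespaces stays denied.
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace   # constructed name
  namespace: team-a
spec:
  podSelector: {}
  ingress:
  - from:
    - podSelector: {}
```

As both answers point out, these objects are only enforced when the cluster's network provider supports NetworkPolicy; without one they are accepted by the API server but have no effect on traffic.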