One of the recurring principles in security is the Principle of Least Privilege: we want to give individual applications and users only the privileges they need to do their job. This has numerous benefits, chief among them being that systems with limited access tend to be harder to compromise, and harder to exploit further once compromised.
In the networking space, the Principle of Least Privilege has become known as the Zero Trust Security Model. In this model, applications are firewalled off so that only a limited set of clients (those who need to) can reach them, and they in turn can only reach a limited set of destinations. In some cases this is not practical (internet-facing applications, for example), but in the modern enterprise, where service-oriented architectures (SOA), microservices, and a mixture of built and purchased software run side by side, the Zero Trust Security Model offers many benefits.
With that in mind, Kubernetes gives us a way to implement Zero Trust-like policies through what it calls Network Policies. A Network Policy is applied to a selected set of pods and lets us control ingress traffic, egress traffic, or both. Ingress traffic is traffic coming into our application, whereas egress traffic is traffic our application initiates out to another application.
An example Network Policy looks like this:
Note how there is a pod selector that defines which pods the policy applies to. In this case, it applies to any pod with the label “role” set to “db”.
It also has both ingress and egress rules. In this case, it only allows inbound traffic from a particular IP address range, a particular namespace, or a particular pod. You can see how the criteria for each kind of inbound source are configured. Egress traffic is only allowed to 10.0.0.0 on port 5978.
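The policy described above, written out as an added example (not the page's own listing), followed by a namespace-wide default-deny policy that a Zero Trust stance needs, since pods matched by no Network Policy accept all traffic. The policy name, namespace, the label values other than role=db, the ingress CIDRs, the ingress port, and the /24 mask on 10.0.0.0 are assumptions.

```yaml
# Added example: a NetworkPolicy matching the description above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy          # assumed name
  namespace: default       # assumed namespace
spec:
  podSelector:
    matchLabels:
      role: db             # the pods this policy applies to
  policyTypes:             # restrict both directions, not just ingress
  - Ingress
  - Egress
  ingress:
  # Three separate list entries under "from" are OR-ed: traffic is
  # allowed if it matches ANY of them. (Placing them under one entry
  # would AND them together, which is a common mistake.)
  - from:
    - ipBlock:
        cidr: 172.17.0.0/16      # constructed address range
        except:
        - 172.17.1.0/24          # constructed carve-out from that range
    - namespaceSelector:
        matchLabels:
          project: myproject     # assumed namespace label
    - podSelector:
        matchLabels:
          role: frontend         # assumed pod label (same namespace)
    ports:
    - protocol: TCP
      port: 6379                 # assumed database port
  egress:
  # Outbound traffic from role=db pods is limited to this one destination.
  - to:
    - ipBlock:
        cidr: 10.0.0.0/24        # /24 assumed; the text says 10.0.0.0
    ports:
    - protocol: TCP
      port: 5978
---
# Default deny for the namespace: an empty podSelector matches every pod,
# and listing both policy types with no rules allows nothing. Specific
# allow policies such as db-policy above are then additive on top of this.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
```

Network Policies are only enforced if the cluster's CNI plugin supports them; on a plugin without support, these objects are accepted by the API server but have no effect, which is worth verifying before relying on them.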