
Network policies for traffic control in Kubernetes - Mini Project: Build & Apply

📖 Scenario: You are managing a Kubernetes cluster for a small online store. You want to control which pods can communicate with each other to improve security.
🎯 Goal: Create a Kubernetes NetworkPolicy that lets pods with the label role=frontend receive traffic only on port 80 and only from pods with the label role=backend.
📋 What You'll Learn
Create a NetworkPolicy YAML manifest named allow-backend-to-frontend.yaml.
The policy should select pods with label role=frontend.
Allow ingress traffic only on port 80 from pods with label role=backend.
Deny all other ingress traffic to the selected pods.
💡 Why This Matters
🌍 Real World
NetworkPolicies help secure Kubernetes clusters by controlling which pods can talk to each other, reducing attack surfaces.
💼 Career
Understanding NetworkPolicies is essential for Kubernetes administrators and DevOps engineers to enforce security and compliance in cloud-native environments.
Step 1: Create the basic NetworkPolicy skeleton
Create a YAML manifest named allow-backend-to-frontend.yaml with the following keys: apiVersion set to networking.k8s.io/v1, kind set to NetworkPolicy, and metadata with name set to allow-backend-to-frontend. Also add an empty spec section.
Hint: Start by defining the basic structure of a NetworkPolicy YAML file with the required keys.

Step 2: Add pod selector for frontend pods
In the spec section, add podSelector with matchLabels selecting pods with role: frontend. This will target the frontend pods for the policy.
Hint: Use podSelector with matchLabels to select pods labeled role: frontend.

Step 3: Add ingress rule to allow traffic from backend pods on port 80
Under spec, add an ingress rule that allows traffic on port 80 from pods with label role: backend. Use from with podSelector matching role: backend and specify ports with port: 80 and protocol: TCP.
Hint: Use ingress with from and ports to allow traffic from backend pods on TCP port 80.

Step 4: Apply the NetworkPolicy and verify
Run kubectl apply -f allow-backend-to-frontend.yaml to apply the NetworkPolicy. Then run kubectl get networkpolicy allow-backend-to-frontend -o yaml to display the applied policy.
Hint: Use kubectl apply to create the policy and kubectl get to verify it.
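
The four steps above assembled into one script, as an added example that is not part of the original tutorial. The function names write_policy and apply_policy and the explicit policyTypes field are additions made here; everything else follows the steps as written.

```shell
#!/bin/sh
# Added example: writes the manifest built in steps 1-3, then applies it (step 4).

# write_policy FILE: write the finished NetworkPolicy manifest to FILE.
write_policy() {
  cat > "$1" <<'EOF'
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-backend-to-frontend
spec:
  # Step 2: the pods this policy protects.
  podSelector:
    matchLabels:
      role: frontend
  # Added for clarity: Ingress is also the default when policyTypes is
  # omitted. Selected pods drop any ingress that no rule below allows.
  policyTypes:
    - Ingress
  # Step 3: a single rule. "from" and "ports" must both match.
  ingress:
    - from:
        # No namespaceSelector, so only pods in the policy's own
        # namespace can match this peer.
        - podSelector:
            matchLabels:
              role: backend
      ports:
        - protocol: TCP
          port: 80
EOF
}

# apply_policy FILE: step 4, apply the policy and read it back.
apply_policy() {
  kubectl apply -f "$1" &&
    kubectl get networkpolicy allow-backend-to-frontend -o yaml
}

# Contact the cluster only when the script is invoked with "apply".
if [ "${1:-}" = "apply" ]; then
  write_policy allow-backend-to-frontend.yaml
  apply_policy allow-backend-to-frontend.yaml
fi
```

Run it as `sh policy.sh apply` against a test cluster (the script name is an assumption). The cluster's network plugin must support NetworkPolicy; without that support the object is stored but not enforced.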