Kubernetes · Concept · Beginner · 3 min read

What Is Network Policy in Kubernetes: Simple Explanation and Example

A NetworkPolicy in Kubernetes is a set of rules that controls how pods communicate with each other and with other network endpoints. It acts like a firewall inside the cluster, allowing you to restrict or allow traffic based on pod labels and ports.

How It Works

Think of a Kubernetes cluster as a neighborhood where each pod is a house. By default, all houses can visit each other freely. A NetworkPolicy is like setting up fences and gates that decide who can visit whom.

When you create a NetworkPolicy, you define rules that specify which pods can send traffic to, or receive traffic from, other pods or IP addresses. These rules use labels to identify pods and specify the allowed ports and protocols. If no policy selects a pod, that pod can communicate without restrictions; once any policy selects it, only the traffic some policy explicitly allows gets through, because policies only add permissions and never contain deny rules.

This helps improve security by limiting access only to trusted pods, reducing the risk of unwanted or harmful traffic inside your cluster.
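Because a selected pod only accepts what a policy explicitly allows, the usual first step is a namespace-wide "default deny" that selects every pod, after which narrower allow policies such as the one below re-open specific paths. The manifest here is an added example, not part of the original article; the policy name default-deny-all is assumed.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all        # assumed name
  namespace: default
spec:
  # An empty podSelector matches every pod in the namespace,
  # so every pod in "default" becomes isolated.
  podSelector: {}
  # Listing both directions isolates ingress AND egress.
  policyTypes:
  - Ingress
  - Egress
  # No ingress: or egress: rules follow, so no traffic is allowed
  # until another policy in this namespace adds an allow rule.
```

Apply it with kubectl apply -f, then confirm enforcement before relying on it: from any pod in the namespace, a connection to another pod that used to work should now fail. If it still succeeds, the network plugin is not enforcing policies. Note that denying egress also blocks DNS lookups, so a matching allow rule for the cluster DNS service is needed alongside this policy for most workloads.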


Example

This example shows a NetworkPolicy that allows incoming traffic only from pods with the label role=frontend to pods labeled role=backend on TCP port 80. Because policyTypes lists only Ingress, outbound traffic from the backend pods is not restricted, and because the from entry uses a podSelector without a namespaceSelector, it matches frontend pods in the policy's own namespace (default) only.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 80
```

Output

```
NetworkPolicy "allow-frontend-to-backend" created
```

When to Use

Use NetworkPolicy when you want to control traffic flow between pods for security or compliance. For example:

  • Limit database pods to accept traffic only from application pods.
  • Isolate sensitive workloads from public-facing pods.
  • Prevent pods from accessing external networks unless explicitly allowed.

This reduces the attack surface and enforces clear communication boundaries inside your cluster.
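The third use case above, blocking access to external networks unless explicitly allowed, is an egress policy. The manifest below is an added example, not part of the original article: it assumes application pods labeled role=app, and the external address range 203.0.113.0/24 is a constructed placeholder (a documentation range). It also goes slightly beyond the article's example by showing the three kinds of peer a rule can name (a pod selector, a namespace selector, and an IP block).

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: app-restricted-egress   # assumed name
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: app                 # assumed label on the application pods
  policyTypes:
  - Egress                      # only outbound traffic from these pods is affected
  egress:
  # Rule 1: cluster DNS. A namespaceSelector and a podSelector inside the
  # SAME list item are ANDed: only kube-dns pods in the kube-system namespace.
  # (As separate "-" items they would be ORed, which is far broader.)
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # Rule 2: any pod in this namespace. A bare podSelector never crosses
  # namespaces, so other namespaces stay unreachable.
  - to:
    - podSelector: {}
  # Rule 3: one external range on HTTPS only; any other destination outside
  # the cluster remains blocked. The CIDR is a constructed placeholder.
  - to:
    - ipBlock:
        cidr: 203.0.113.0/24
    ports:
    - protocol: TCP
      port: 443
```

Each rule is independent and additive, so removing Rule 3 closes all external access while leaving DNS and in-cluster traffic intact. To verify, run kubectl describe networkpolicy app-restricted-egress to confirm the selectors resolved as intended, then attempt a connection from an app pod to an address outside the allowed range; it should time out. If it succeeds, the network plugin is not enforcing policies.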

Key Points

  • NetworkPolicy controls pod-to-pod and pod-to-external communication.
  • It uses labels to select pods and define allowed traffic.
  • Without policies, all pods can communicate freely.
  • Policies improve security by restricting traffic.
  • They are enforced only if the cluster's network plugin (CNI) supports them; otherwise the object is created but has no effect.

Key Takeaways

  • NetworkPolicy acts like a firewall inside Kubernetes to control pod communication.
  • It uses labels and ports to specify which pods can talk to each other.
  • Without NetworkPolicy, pods can communicate without restrictions.
  • Use NetworkPolicy to improve security and isolate workloads.
  • NetworkPolicy requires a compatible network plugin to work.