Kubernetes. namespaces isolation

Question

Previously, to restrict access between namespaces i used:

net.alpha.kubernetes.io/network-isolation: "on"

In version 1.6.1 does not work. The currently proposed version:

net.beta.kubernetes.io/network-policy: |
  {
    "ingress": {
      "isolation": "DefaultDeny"
    }
  }

The currently proposed version is not satisfied, because you need to create separate policies for the pods.

Is there something like this now?

score 0 · Answer 1 · answered May 05 '17 at 05:21

I also followed the doc(Declaring Network Policy) which specifies how you can apply the network policies, I tried all that in a minikube cluster, only to realize that the network provider should also support the NetworkPolicy.

This introductory doc says that NetworkPolicy is supported in Calico, Weave, Romana.

This doc has detailed information of what all providers support NetworkPolicy.

score 0 · Answer 2 · answered May 11 '17 at 07:27

Which network provider do you use in your cluster? Network provider you use should support the NetworkPolicy. NetworkPolicy controller must be setup in your cluster. If there is no NetworkPolicy controller running in your cluster, NetworkPolicy will not work.

Kubernetes. namespaces isolation

2 Answers2