Cluster network policies in Kubernetes
Kubernetes network policies let you control network traffic between groups of pods and network endpoints. You create them through the Kubernetes Network Policy API, which sets rules for filtering traffic at the pod level. These rules determine which pods and services in a Kubernetes cluster can reach each other.
Network policies help restrict access inside a Kubernetes cluster for multi-tier applications, ensuring that some services cannot communicate with others.
Enabling network policies
You can enable network policies when creating a Kubernetes cluster:
- In the management console, select Enable network policies.
- Using the CLI, set the --enable-network-policy flag.
- Using the create method for the Cluster resource.
Once network policies are enabled in the Kubernetes cluster, you can create a policy via the Kubernetes Network Policy API. For information about how to use network policies, see the Using cluster network policies in Kubernetes page.
Note
You can only configure network policies when creating a Kubernetes cluster.
Limits
To enable network policies in your Kubernetes cluster, make sure that you have:
- A sufficient amount of resources in node groups. Using network policies requires additional memory and vCPU resources.
- Two or more nodes in the Kubernetes cluster. The recommended minimum Kubernetes cluster size to enable network policies is two nodes.