I want to deploy multiple applications to a Kubernetes cluster. These applications can consist of multiple pods that interact with each other. However, I want to isolate the applications from each other for security reasons. I’m coming from Docker Swarm, where, when you deploy a docker-compose.yml, an overlay network is created per stack you deploy.
On Kubernetes, I was planning to put each application in its own namespace and define network policies so that pods can only communicate with pods inside the namespace (with exceptions, of course).
However, I don’t want to do this again for every application and namespace I create. I was thinking of writing an Operator to watch the namespaces and automatically create the necessary network policies. However, before starting an implementation, I would like to get some feedback on this approach. I’m probably not the only one with these requirements, and others have probably implemented similar things. Is my approach valid, and are there things I can use that are already out there? I could not find them, but I might not be searching with the correct terms.
Kubernetes version: 1.23.4
Cloud being used: Scaleway
Installation method: Kapsule (managed)
CNI and version: Cilium
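The per-namespace policy the question describes, as an added example (not the poster's code, nor anything shipped by Scaleway, Kapsule or Cilium): a standard NetworkPolicy that an operator would stamp into each new namespace so its pods can only reach each other, with DNS egress to kube-system as the one baseline exception. The namespace name `app-a` and the CoreDNS pod label `k8s-app: kube-dns` are assumptions; the `kubernetes.io/metadata.name` namespace label is set automatically by Kubernetes 1.21 and later, so it is present on the 1.23.4 cluster in the question.

```yaml
# Added example, not from the original post. Applied in a namespace, this
# default-denies all ingress and egress for every pod there, then allows only
# same-namespace traffic plus DNS lookups against CoreDNS in kube-system.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: isolate-namespace
  namespace: app-a              # assumed namespace name; the operator fills this in
spec:
  podSelector: {}               # empty selector = every pod in this namespace
  policyTypes:                  # listing both types makes the deny default apply
    - Ingress                   # to ingress AND egress, not just ingress
    - Egress
  ingress:
    - from:
        - podSelector: {}       # a bare podSelector matches pods in this namespace only
  egress:
    - to:
        - podSelector: {}       # same-namespace pods
    - to:
        # namespaceSelector and podSelector in ONE list item are ANDed:
        # only CoreDNS pods in kube-system, not every pod in kube-system
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns # assumed CoreDNS label; check with: kubectl -n kube-system get pods --show-labels
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Anything that must cross the namespace boundary (an ingress controller reaching the application, or a shared database) needs its own explicit allow rule on top of this one, which is where the per-application exceptions from the question go. Cilium enforces standard NetworkPolicy objects, so this works without switching to CiliumNetworkPolicy.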