Hi, I have some service xyz deployed in the Kubernetes cluster, and for this service Ingress rules are defined, for example rules to talk to the payment gateway. So basically this service will be communicating outside the Kubernetes cluster. My concern is that it should only communicate with the payment gateway and should not communicate with any other entities outside the cluster, so I want to introduce access control lists at the ingress level. So can you help me with how this can be achieved?
It would be really helpful if you could provide a link which talks about ACLs.
Hi @protosam any help would be appreciated.
I think what you’re looking for is network policies. They will let you set up rules about which pods can talk to each other.
One note though - you must use a CNI driver that supports them (e.g. calico or cilium).
Hi @mrbobbytables, just a small question: do network policies work with the kubenet plugin?
If the kubenet plugin doesn’t support network policies, since I am using a public cloud [Azure], I should use Azure CNI with Calico, right?
This is the documentation related to networking on AKS.
The simplest way to determine if this works for you or not is to just create a namespace and test things out. In the what’s next section of the network policies documentation, it points you to this very basic walkthrough. I would suppose that if things in that walkthrough work, then you’re good to proceed on network policies.
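To make the network policies suggestion concrete for the original question (egress from the xyz pods allowed only to the payment gateway), here is an added example manifest; it is not from this thread or from the Kubernetes docs. It assumes the pods carry the label `app: xyz` in a namespace named `payments`, that CoreDNS runs in `kube-system` with the usual `k8s-app: kube-dns` label, and uses the placeholder address `203.0.113.10/32` in place of the real gateway IP or CIDR.

```yaml
# Added example (not from the thread): egress-only NetworkPolicy for the
# "xyz" service. Assumptions: pods are labelled app: xyz in the "payments"
# namespace; 203.0.113.10/32 is a TEST-NET-3 placeholder standing in for
# the payment gateway's address. Replace it with the real IP/CIDR.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: xyz-egress-payment-gateway-only
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: xyz
  policyTypes:
  - Egress          # only egress is restricted here; ingress is untouched
  egress:
  # 1. DNS to CoreDNS in kube-system, otherwise the gateway's hostname
  #    cannot be resolved. The kubernetes.io/metadata.name label is set
  #    automatically on namespaces in current Kubernetes releases.
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # 2. HTTPS to the payment gateway. Because policyTypes lists Egress and
  #    this is the only other rule, every other outbound destination
  #    (inside or outside the cluster) is denied for the selected pods.
  - to:
    - ipBlock:
        cidr: 203.0.113.10/32
    ports:
    - protocol: TCP
      port: 443
```

Verify it from inside an `app: xyz` pod by confirming a connection to the gateway address succeeds while a connection to any other external host (for example a public DNS resolver on port 443) is refused or times out. Note that `ipBlock` matches IP addresses only, so if the gateway is reached by a hostname whose addresses change, you need a CNI-specific DNS-aware policy such as Cilium's `toFQDNs` rather than plain NetworkPolicy.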