Network isolation requirement

Cluster information:

Kubernetes version: 1.18.3
Cloud being used: bare-metal
Installation method: Kubernetes the hard way
Host OS: CentOS 7
CNI and version: 0.8.6
CRI and version: docker-ce 19

Dear all, I need help. I have two networks (internal and external) on my Kubernetes worker nodes. I am using a NodePort service to expose the application outside of the cluster. But I see that my NodePort services can be accessed from both the internal and external network IPs of the worker nodes, as kube-proxy exposes them on 0.0.0.0. This creates a problem for me, as some of my applications are meant to run only on the internal network and some only on the external network. Any idea how I can overcome this situation?

I think you need to take the help of a network policy. Kubernetes does not restrict pods from communicating with each other in any namespace.

1 Like

I am new to this; please advise further how I can implement the network policy.

I just found this link, I am not sure this is the correct one: Network Policies | Kubernetes

I verified further and I see this is applicable only to pod-to-pod traffic.
Other than a network policy, is there any way to expose the service based on the worker node's eth0 or eth1 IP address? Kindly advise.

I haven’t tried this yet, so I can’t help with it. Maybe other experts will share their thoughts on this.

Network policy helped me. I have implemented Calico, denied all traffic to the cluster and then opened the traffic one by one as required on a specific network. @tej-singh-rana Thank you so much for the advice.

1 Like
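The "deny everything, then open one application at a time per network" pattern described in the last post, written out as an added example that is not from any poster in this thread. It uses standard Kubernetes NetworkPolicy objects (which Calico enforces) in a hypothetical `apps` namespace; the pod labels, container ports, the NodePort values and the two CIDRs (10.10.0.0/16 for the internal network, 203.0.113.0/24 for the external one) are all constructed assumptions:

```yaml
# Added example, not from the thread. Namespace, labels, ports and CIDRs are constructed.
#
# 1. Default deny: an empty podSelector matches every pod in the namespace,
#    and listing Ingress with no ingress rules blocks all inbound traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: apps
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# 2. Internal-only application: accept traffic only from the internal network.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-app-from-internal-net
  namespace: apps
spec:
  podSelector:
    matchLabels:
      app: internal-app        # assumed label on the internal-only pods
  policyTypes:
  - Ingress
  ingress:
  - from:
    - ipBlock:
        cidr: 10.10.0.0/16     # constructed: internal network (eth0 side)
    ports:
    - protocol: TCP
      port: 8080               # assumed container port
---
# 3. External-only application: accept traffic only from the external network.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: external-app-from-external-net
  namespace: apps
spec:
  podSelector:
    matchLabels:
      app: external-app        # assumed label on the external-only pods
  policyTypes:
  - Ingress
  ingress:
  - from:
    - ipBlock:
        cidr: 203.0.113.0/24   # constructed: external network (eth1 side)
    ports:
    - protocol: TCP
      port: 8080
---
# 4. The NodePort Service for the internal application. externalTrafficPolicy: Local
#    stops kube-proxy from source-NATing NodePort traffic, so the pod (and the
#    ipBlock rule above) sees the real client address instead of the node's own IP.
apiVersion: v1
kind: Service
metadata:
  name: internal-app
  namespace: apps
spec:
  type: NodePort
  externalTrafficPolicy: Local
  selector:
    app: internal-app
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
    nodePort: 30080            # assumed NodePort
```

Apply with `kubectl apply -f` and then probe the NodePort from a host on each network to confirm that only the intended one gets a response. Two checks worth knowing about: with the default `externalTrafficPolicy: Cluster`, kube-proxy rewrites the source address of NodePort traffic before it reaches the pod, so an `ipBlock` rule keyed on the client network silently matches the node IP instead, which is why the Service above uses `Local` (at the cost of the NodePort answering only on nodes that run the pod). And since these policies act at the pod, the port is still open on every node interface; kube-proxy's `nodePortAddresses` setting in its KubeProxyConfiguration restricts which node addresses NodePorts listen on, which is the closest thing to binding a service to eth0 or eth1 specifically, as asked earlier in the thread.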