Every service gets a DNS name; NetworkPolicy restricts pod-to-pod traffic like a firewall.
Kubernetes Networking
# DNS — every service gets a DNS entry
# Format: service-name.namespace.svc.cluster.local
# The name resolves only from inside the cluster (cluster.local zone). Note the
# plain http scheme: the hop is unencrypted unless the service terminates TLS.
curl http://api-svc.production.svc.cluster.local
# Pod networking
# Each pod gets a unique IP
# All pods can reach each other directly — this is the default-allow posture of
# a cluster with no NetworkPolicy selecting the pods; the policy below narrows it.
kubectl get pods -o wide # see pod IPs (the IP column is each pod's own address)
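# NetworkPolicy — firewall rules for pods
# NetworkPolicy is enforced by the cluster's CNI plugin, not by the API server:
# on a cluster whose network plugin does not implement it, this object is
# accepted and stored but has no effect, so verify enforcement after applying.
# Once any policy selects a pod, ingress to that pod is denied except where a
# rule below allows it; only app=db pods are selected here.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-api-only
  # No namespace is set: the policy lands in whichever namespace it is applied to.
spec:
  podSelector:
    matchLabels:
      app: db
  # Ingress is implied when only ingress rules are present; stated explicitly
  # so the scope of the policy is visible without knowing the default.
  policyTypes:
    - Ingress
  ingress:
    - from:
        # A podSelector with no namespaceSelector only matches pods in the
        # policy's own namespace; api pods elsewhere are still blocked.
        - podSelector:
            matchLabels:
              app: api
      ports:
        - protocol: TCP  # TCP is the default when omitted; written for clarity
          port: 5432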