Kubernetes Network Policy Recipes Logo

Kubernetes Network Policy Recipes

0
Free
Visit Website

This repository contains various use cases of Kubernetes Network Policies and sample YAML files to leverage in your setup. If you ever wondered how to drop/restrict traffic to applications running on Kubernetes, read on. Easiest way to try out Network Policies is to create a new Google Kubernetes Engine cluster. Applying Network Policies on your existing cluster can disrupt the networking. At the time of writing, most cloud providers do not provide built-in network policy support. If you are not familiar with Network Policies at all, I recommend reading my Securing Kubernetes Cluster Networking article first. NetworkPolicies operate at layer 3 or 4 of OSI model (IP and port level). They are used to control the traffic in(ingress) and out(egress) of pods. An empty selector will match everything. For example spec.podSelector: {} will apply the policy to all pods in the current namespace. Selectors can only select Pods that are in the same namespace as the NetworkPolicies. Eg. spec.podSelector of an ingress rule can only select pods in the same namespace.

FEATURES

ALTERNATIVES

pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.

An open source, self-hosted implementation of the Tailscale control server.

Simple perl script for making Modbus transactions from the command line.

Libnids is an implementation of an E-component of Network Intrusion Detection System that emulates the IP stack of Linux 2.0.x and offers IP defragmentation, TCP stream assembly, and TCP port scan detection.

Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.

A Hadoop library for reading and querying PCAP files

High-performance remote packet capture and collection tool used for forensic analysis in cloud workloads.

A tool to search for Sentry config on a page or in JavaScript files and check for blind SSRF