kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #36805 from harshchauhan1988/patch-2 

Adding recommendation for network isolation
This commit is contained in:
Kubernetes Prow Robot 2022-09-30 06:54:28 -07:00 committed by GitHub
parent 5c5b3f120c 8ab4ebb376
commit 91ecbb977c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/en/docs/concepts/security/multi-tenancy.md
View File

@ -218,6 +218,8 @@ In a multi-tenant environment where strict network isolation between tenants is
with a default policy that denies communication between pods is recommended with another rule that with a default policy that denies communication between pods is recommended with another rule that
allows all pods to query the DNS server for name resolution. With such a default policy in place, allows all pods to query the DNS server for name resolution. With such a default policy in place,
you can begin adding more permissive rules that allow for communication within a namespace. you can begin adding more permissive rules that allow for communication within a namespace.
It is also recommended not to use empty label selector '{}' for namespaceSelector field in network policy definition,
in case traffic need to be allowed between namespaces.
This scheme can be further refined as required. Note that this only applies to pods within a single This scheme can be further refined as required. Note that this only applies to pods within a single
control plane; pods that belong to different virtual control planes cannot talk to each other via control plane; pods that belong to different virtual control planes cannot talk to each other via
Kubernetes networking. Kubernetes networking.