Konubinix' opinionated web of thoughts

How to Organise the Networkpolicies?



I can see in some projects[1] that the networkpolicies are dealt with using custom labels, generally SOMECOMPONENTNAME-client: “true”.

I tried for some time to follow this convention.

  1. a/deployment.yaml -> generates pods with the label b-client: true
  2. b/networkpolicies.yaml -> provides the networkpolicies for the pods with the label b-client: true to be able to connect to pods issued from b.

This makes sense when writing all the resources in the same chart. Indeed, when a is written by me, ok. But when a is provided by some other chart, I don’t have access to the spec and the labels of the created resources.

Then I need to fall back to writing down my own NP. Besides, writing down all the connections (NP) in the same file makes the code more readable. It will be easier to find out what happens rather than relying on some distributed and not totally coherent mechanism.
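
The two approaches side by side, as an added example that is not taken from any of the charts mentioned: first the label convention from b/networkpolicies.yaml, then the explicit policy used as a fallback when a comes from another chart. The labels app: b and app.kubernetes.io/name: a, the policy names and port 8080 are assumptions.

```yaml
# Convention: b admits any pod that carries the opt-in label b-client: "true".
# Whoever can create pods with that label in this namespace becomes a client of b.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: b-allow-clients          # assumed name
spec:
  podSelector:
    matchLabels:
      app: b                     # assumed label on b's pods
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:           # bare podSelector: same namespace as the policy
            matchLabels:
              b-client: "true"   # label values are strings, so quote it
---
# Fallback: a is rendered by a third-party chart, so b-client cannot be added
# to its pod template. Select a by a label that chart already sets and keep
# every such connection in one file.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: a-to-b                   # assumed name
spec:
  podSelector:
    matchLabels:
      app: b
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: a   # assumed: label set by the other chart
      ports:
        - protocol: TCP
          port: 8080             # assumed port exposed by b
```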