From the course: Kubernetes and Cloud Native Security Associate (KCSA) Cert Prep
Container networking and client security
Now when we're thinking about container networking, aside from local cluster networking like eBPF or kube-proxy, the question is how to actually get networking to work: how do pods get IP addresses, where's the router or the firewall? Well, Kubernetes doesn't have that out of the box. Instead, you have another plugin called the CNI, or the Container Network Interface. To secure the CNI means to secure ingress and egress traffic. So it means to say only this namespace can talk to that namespace, or these pods can have outbound communication. It's also about setting up firewall rules and ports, right? And that's where network policies come into play. And we'll see this in section three. We have a ton of information that we're going to be talking about around network policies.

But when we're thinking about the container network interface, again, think about it like this. The Kubernetes network is very flat. So what the CNI gives you is a flat network. What does this mean? Well, it means Pod A in…
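
The "only this namespace can talk to that namespace" restriction described in the transcript above, written as NetworkPolicy manifests. This is an added example, not material from the course; the namespace names `frontend` and `backend`, the `app: api` label and port 8080 are assumptions chosen for illustration.

```yaml
# Constructed example: namespaces, labels and ports are hypothetical.
# 1) Default deny: with no rules listed, every pod in "backend"
#    loses all ingress and egress until another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: backend
spec:
  podSelector: {}            # empty selector = every pod in the namespace
  policyTypes:
    - Ingress
    - Egress
---
# 2) Allow only the "frontend" namespace to reach the API pods,
#    and let those pods send DNS queries to kube-system and nothing else.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-api
  namespace: backend
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # label set automatically on every namespace
              kubernetes.io/metadata.name: frontend
      ports:
        - protocol: TCP
          port: 8080
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

These objects are enforced only when the installed CNI plugin implements NetworkPolicy; on a plugin that does not, the API server accepts them and the network stays flat.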