This blog post is about an experiment to automate creation of Kubernetes Network Policies based on actual network traffic captured from applications running on a Kubernetes cluster.

All the code referred to in this blog post can be found here.

We worked on this blog post with a VMware colleague: Assaf Sauer.

But why?

Network Policies are used to allow or block network traffic of applications running on Kubernetes clusters. Enterprises that process critical customer data, such as financial institutions (banks, insurance companies, etc.), have quite strict security requirements, and those that run applications on Kubernetes clusters are very likely to use Network Policies (or, depending on the CNI plugin they use, something similar such as Antrea's ClusterNetworkPolicy or CiliumNetworkPolicy) to control which ingress/egress network traffic is allowed for applications.
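To make the idea of deriving policies from captured traffic concrete, here is an added sketch (not the code from this post or its repository) that turns observed flows into one ingress NetworkPolicy per destination workload. The flow record fields, the `app` label convention and the policy names are assumptions made for this example, and the flows are constructed sample data.

```python
import json
from collections import defaultdict

# Constructed sample flows (not real capture data): each record is one observed
# connection, already resolved from pod IPs to namespace and "app" label.
FLOWS = [
    {"src_ns": "shop", "src_app": "frontend", "dst_ns": "shop", "dst_app": "cart", "proto": "TCP", "port": 8080},
    {"src_ns": "shop", "src_app": "frontend", "dst_ns": "shop", "dst_app": "cart", "proto": "TCP", "port": 8080},
    {"src_ns": "shop", "src_app": "cart", "dst_ns": "data", "dst_app": "redis", "proto": "TCP", "port": 6379},
    {"src_ns": "ops", "src_app": "prometheus", "dst_ns": "shop", "dst_app": "cart", "proto": "TCP", "port": 9102},
]

def build_ingress_policies(flows):
    """Return one ingress NetworkPolicy per destination workload seen in flows."""
    # (dst_ns, dst_app) -> (src_ns, src_app) -> set of (proto, port); sets dedupe repeats
    observed = defaultdict(lambda: defaultdict(set))
    for f in flows:
        observed[(f["dst_ns"], f["dst_app"])][(f["src_ns"], f["src_app"])].add((f["proto"], f["port"]))

    policies = []
    for (dst_ns, dst_app), sources in sorted(observed.items()):
        rules = []
        for (src_ns, src_app), ports in sorted(sources.items()):
            rules.append({
                # One "from" entry holding both selectors means: pods with this
                # label AND in this namespace (two separate entries would mean OR).
                "from": [{
                    "namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": src_ns}},
                    "podSelector": {"matchLabels": {"app": src_app}},
                }],
                "ports": [{"protocol": p, "port": n} for p, n in sorted(ports)],
            })
        policies.append({
            "apiVersion": "networking.k8s.io/v1",
            "kind": "NetworkPolicy",
            "metadata": {"name": f"allow-observed-to-{dst_app}", "namespace": dst_ns},
            "spec": {
                "podSelector": {"matchLabels": {"app": dst_app}},
                # Once a pod is selected for Ingress, anything not listed below is denied.
                "policyTypes": ["Ingress"],
                "ingress": rules,
            },
        })
    return policies

if __name__ == "__main__":
    print(json.dumps(build_ingress_policies(FLOWS), indent=2))
```

A policy generated this way only allows what was seen during the capture window, so infrequent traffic such as batch jobs or failover paths has to be exercised or added by hand before the policy is enforced.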


Generating Kubernetes Network Policies Automatically