Pattern: Network Isolation

Leverage a tool to provide more granular control over connections to workloads.

Network Isolation

An organisation is running a container platform that hosts multiple systems and environments and is shared by several teams or even customers.

In This Context

Multiple applications, teams, environments (e.g. dev/staging) and even clients (multi-tenant) share the platform. While these separate services should not normally access each other across certain boundaries (e.g. Namespaces), by default nothing blocks traffic, whether malicious or accidental, from crossing them. Separate applications running on one platform can therefore be susceptible to attacks from others.

Therefore

By leveraging a feature such as NetworkPolicies in Kubernetes, we can block all unwanted traffic between services.
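As an added example (not part of the original pattern page), the policies below deny all traffic in a constructed namespace `team-a` and then re-allow a single frontend-to-api flow; the labels, namespace and port are assumptions.

```yaml
# Default deny: an empty podSelector selects every pod in the namespace and
# listing both policyTypes with no rules means nothing is allowed in or out.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: team-a   # constructed example namespace
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# Allow-list: only frontend pods in the same namespace may reach api pods
# on TCP 8080; with no namespaceSelector, other namespaces stay blocked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-api
  namespace: team-a
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: [Ingress]
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports: [{protocol: TCP, port: 8080}]
---
# Egress is also denied by default, so the frontend side of the same
# connection must be allowed too; a policy on only one end is not enough.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-egress-to-api
  namespace: team-a
spec:
  podSelector:
    matchLabels:
      app: frontend
  policyTypes: [Egress]
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: api
    ports: [{protocol: TCP, port: 8080}]
```

NetworkPolicy objects are only enforced when the cluster's CNI plugin implements them, so verify enforcement (e.g. by attempting a blocked connection) rather than assuming it. Once egress is denied, cluster DNS (port 53 to the kube-system namespace) also needs an explicit allow rule or name resolution breaks for every pod in the namespace.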

Actions

Consequently

Network security within the shared platform is enhanced, and subsequent changes to the isolation rules can be tracked.