Cluster Internal Networking

By default, Pods in a cluster can communicate with each other if there are no network policies in place preventing this. This allows pods to communicate even across namespaces.

In the following example, the pod IP for my-nginx-pod is obtained by running:

    kubectl get pod my-nginx-pod -o custom-columns=NAME:metadata.name,IP:status.podIP

To demonstrate that this pod is reachable from the dmz namespace, the following command is run against the tcpdump pod in that namespace:

    kubectl exec -it tcpdump -n dmz -- wget -O - 10.244.0.52

The response is the default nginx web page.

Defending

This can be "fixed" by implementing network policies.

Pull requests needed ❤️

References and resources