{"id":1616,"date":"2021-07-14T16:33:00","date_gmt":"2021-07-14T16:33:00","guid":{"rendered":"https:\/\/takeondevops.com\/?p=1616"},"modified":"2021-09-06T06:18:57","modified_gmt":"2021-09-06T06:18:57","slug":"network-policies-for-namespaces-in-kubernetes","status":"publish","type":"post","link":"https:\/\/takeondevops.com\/?p=1616","title":{"rendered":"Network Policies for Namespaces in Kubernetes"},"content":{"rendered":"\n<p>Let me begin with some context on why I thought of writing about this. Recently I attended a meetup on &#8220;Securing a Kubernetes Cluster&#8221;. One of the key takeaways from this meetup is blocking access to one namespace from another(Using Network Policies). Some of you may wonder why is this a topic worth exploring. To answer this question  let&#8217;s look at a common attack vector observed in the hacking world. <\/p>\n\n\n\n<p>Let&#8217;s say we have one Kubernetes cluster hosting multiple environments. Multiple environments in the cluster; Separated by namespaces. As in many other cases, our production application is bug-free and thoroughly tested to be free from vulnerabilities as well. But our development environment(dev) sees many changes rapidly. Because of this, the Dev server is not always bug-free and may contain vulnerabilities. Attackers may use this to their advantage. Since they cannot directly access the production environment, they can initially gain access to the Dev environment. After that they can try to penetrate in to the production environment through that. Or stay in Dev and do their nefarious activities from there.<\/p>\n\n\n\n<p>What next? The attackers can either actively attack the production environment. Or they can remain undetected for as long as they can and eavesdrop on the production environment. This depends on their motive. So, for this reason we need to create network policies. Let&#8217;s take a closer look on this with a demo.<\/p>\n\n\n\n<p>Expand the sections below to learn more on this.<\/p>\n\n\n\n<div id=\"pressrelease-link-1616\" class=\"sh-link pressrelease-link sh-hide\"><a href=\"#\" onclick=\"showhide_toggle('pressrelease', 1616, '&#x2195;&#xfe0f; Expand section, \\'The setup\\' &#x2195;&#xfe0f;', '&#x2195;&#xfe0f; Collapse section, \\'The setup\\' &#x2195;&#xfe0f;'); return false;\" aria-expanded=\"false\"><span id=\"pressrelease-toggle-1616\">&#x2195;&#xfe0f; Expand section, 'The setup' &#x2195;&#xfe0f;<\/span><\/a><\/div><div id=\"pressrelease-content-1616\" class=\"sh-content pressrelease-content sh-hide\" style=\"display: none;\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Setting up the demo<\/h2>\n\n\n\n<p>So for this demo I am using a 2 node Kubernetes cluster. One master node and one worker node. I have created 2 namespaces with labels.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl create namespace dev-namespace --dry-run=client -o yaml &gt; dev-ns.yml<\/code><\/pre>\n\n\n\n<p>Next, I added some labels to the namespaces.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#Editing the file dev-ns.yml\napiVersion: v1\nkind: Namespace\nmetadata:\n  creationTimestamp: null\n  name: dev-space\n  labels:\n    env:  dev\nspec: {}\nstatus: {}<\/code><\/pre>\n\n\n\n<p>Then, I created the namespace for Dev.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl apply -f dev-ns.yml<\/code><\/pre>\n\n\n\n<p>Similarly, I created another namespace for production.<\/p>\n\n\n\n<p>Now we need to create some deployments in those namespaces that we created. We can easily do that using the below commands. Here, I am using nginxdemos\/hello:plain-text as the image. Basically, it prints some information about the host. You can find more information about this container image <a href=\"https:\/\/hub.docker.com\/r\/nginxdemos\/hello\">here<\/a>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubectl create deployment devapp --image=nginxdemos\/hello:plain-text --namespace=dev-space\nkubectl create deployment prodapp --image=nginxdemos\/hello:plain-text --namespace=prod-space<\/code><\/pre>\n\n\n\n<p>Lastly, in this section lets see if the above deployment works. For this we just need to do a curl.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"756\" height=\"154\" src=\"https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png?resize=756%2C154&#038;ssl=1\" alt=\"\" class=\"wp-image-1618\" srcset=\"https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png?w=981&amp;ssl=1 981w, https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png?resize=300%2C61&amp;ssl=1 300w, https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png?resize=768%2C157&amp;ssl=1 768w, https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png?resize=200%2C41&amp;ssl=1 200w\" sizes=\"auto, (max-width: 756px) 100vw, 756px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p><\/div>\n\n\n\n<div id=\"apd-link-1616\" class=\"sh-link apd-link sh-hide\"><a href=\"#\" onclick=\"showhide_toggle('apd', 1616, '&#x2195;&#xfe0f; Expand section, \\'Attacking production from Dev &#x2195;&#xfe0f;', '&#x2195;&#xfe0f; Collapse section, \\'Accessing production from Dev\\' &#x2195;&#xfe0f;'); return false;\" aria-expanded=\"false\"><span id=\"apd-toggle-1616\">&#x2195;&#xfe0f; Expand section, 'Attacking production from Dev &#x2195;&#xfe0f;<\/span><\/a><\/div><div id=\"apd-content-1616\" class=\"sh-content apd-content sh-hide\" style=\"display: none;\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Attacking production from dev<\/h2>\n\n\n\n<p>Here, we are trying to do things to prod from dev. This is just a demo so we are not doing anything fancy. I will explain few things attacker can do later in this section. To simulate execution of commands run against the production we are making use of the &#8216;kubectl exec&#8217; command. But attacker may a different approach to reach the same outcome shown here. For example, attacker may run commands against prod from dev using a hacking tool\/script.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"756\" height=\"345\" src=\"https:\/\/i1.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-1.png?resize=756%2C345&#038;ssl=1\" alt=\"\" class=\"wp-image-1619\" srcset=\"https:\/\/i1.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-1.png?w=998&amp;ssl=1 998w, https:\/\/i1.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-1.png?resize=300%2C137&amp;ssl=1 300w, https:\/\/i1.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-1.png?resize=768%2C350&amp;ssl=1 768w, https:\/\/i1.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-1.png?resize=200%2C91&amp;ssl=1 200w\" sizes=\"auto, (max-width: 756px) 100vw, 756px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>As pictured above, we are using the existing pod in the dev deployment to execute various commands against the production server. What can the attacker do here? Attacker may use commands to download malicious scripts from elsewhere in to the dev pod and run them. Here, the attacker has more visibility over accessing from externally. Therefore, attacker has access to ports that are inaccessible from outside. He\/she can easily identify them by probing them from the Dev as we did up there \ud83d\ude42<\/p>\n\n\n\n<p><\/div>\n\n\n\n<div id=\"netpol-link-1616\" class=\"sh-link netpol-link sh-hide\"><a href=\"#\" onclick=\"showhide_toggle('netpol', 1616, '&#x2195;&#xfe0f; Expand section, \\'Network Policies to the rescue\\' &#x2195;&#xfe0f;', '&#x2195;&#xfe0f; Collapse section, \\'Network Policies to the rescue\\' &#x2195;&#xfe0f;'); return false;\" aria-expanded=\"false\"><span id=\"netpol-toggle-1616\">&#x2195;&#xfe0f; Expand section, 'Network Policies to the rescue' &#x2195;&#xfe0f;<\/span><\/a><\/div><div id=\"netpol-content-1616\" class=\"sh-content netpol-content sh-hide\" style=\"display: none;\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Network policies to the rescue<\/h2>\n\n\n\n<p>First of all, we need to acknowledge the fact that attackers should not have access to the dev environment in the first place. We need to ensure they are kept out of our perimeter and out of our cluster. But it is always nice to have defense in depth. So as part of our contingency plans, we can add a network policy.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apiVersion: networking.k8s.io\/v1\nkind: NetworkPolicy\nmetadata:\n  name: ns-netpol\n  namespace: prod-space\nspec:\n  podSelector:\n    matchLabels:\n      app: prodapp\n  policyTypes:\n  - Ingress\n  ingress:\n  - from:\n    - namespaceSelector:\n        matchLabels:\n          env: prod<\/code><\/pre>\n\n\n\n<p>Finally, once you  have the above typed out, create a network policy using it. This will ensure that only any object within the prod namespace can reach the deployment in question. Above is just an example and this can be customized as per our requirement.<\/p>\n\n\n\n<p>Let&#8217;s see what happens when we try to probe the production environment from the dev environment now.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"756\" height=\"300\" src=\"https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-2.png?resize=756%2C300&#038;ssl=1\" alt=\"\" class=\"wp-image-1621\" srcset=\"https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-2.png?w=975&amp;ssl=1 975w, https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-2.png?resize=300%2C119&amp;ssl=1 300w, https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-2.png?resize=768%2C305&amp;ssl=1 768w, https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image-2.png?resize=200%2C79&amp;ssl=1 200w\" sizes=\"auto, (max-width: 756px) 100vw, 756px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>Success! Now we have blocked all requests from namespaces other than prod going in to prod.<\/p>\n\n\n\n<p><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>I hope that the above content has given you some insight about network policies being used on namespaces. Questions? Comments? post them down below. If you found this interesting please check out my featured blogs <a href=\"https:\/\/takeondevops.com\/?cat=4\">here.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let me begin with some context on why I thought of writing about this. Recently I attended a meetup on &#8220;Securing a Kubernetes Cluster&#8221;. One of the key takeaways from this meetup is blocking access to one namespace from another(Using Network Policies). Some of you may wonder why is this a topic worth exploring. To [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[3,4,5,6,7],"tags":[12,9,11,10,13],"class_list":["post-1616","post","type-post","status-publish","format-standard","hentry","category-dev","category-featured","category-infosec","category-network","category-systems","tag-k8","tag-kubernetes","tag-linux","tag-network-policies","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Network Policies for Namespaces in Kubernetes - Take On Devops<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/takeondevops.com\/?p=1616\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Network Policies for Namespaces in Kubernetes - Take On Devops\" \/>\n<meta property=\"og:description\" content=\"Let me begin with some context on why I thought of writing about this. Recently I attended a meetup on &#8220;Securing a Kubernetes Cluster&#8221;. One of the key takeaways from this meetup is blocking access to one namespace from another(Using Network Policies). Some of you may wonder why is this a topic worth exploring. To [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/takeondevops.com\/?p=1616\" \/>\n<meta property=\"og:site_name\" content=\"Take On Devops\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-14T16:33:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-06T06:18:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png\" \/>\n<meta name=\"author\" content=\"ihsan izwer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ihsan izwer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616\"},\"author\":{\"name\":\"ihsan izwer\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#\\\/schema\\\/person\\\/465f2fb632235eb4079002754cd66aeb\"},\"headline\":\"Network Policies for Namespaces in Kubernetes\",\"datePublished\":\"2021-07-14T16:33:00+00:00\",\"dateModified\":\"2021-09-06T06:18:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616\"},\"wordCount\":818,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/takeondevops.com\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/image.png\",\"keywords\":[\"k8\",\"kubernetes\",\"linux\",\"network policies\",\"security\"],\"articleSection\":[\"Dev\",\"Featured\",\"InfoSec\",\"Network\",\"Systems\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/takeondevops.com\\\/?p=1616#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616\",\"url\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616\",\"name\":\"Network Policies for Namespaces in Kubernetes - Take On Devops\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/takeondevops.com\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/image.png\",\"datePublished\":\"2021-07-14T16:33:00+00:00\",\"dateModified\":\"2021-09-06T06:18:57+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#\\\/schema\\\/person\\\/465f2fb632235eb4079002754cd66aeb\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/takeondevops.com\\\/?p=1616\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616#primaryimage\",\"url\":\"https:\\\/\\\/i2.wp.com\\\/takeondevops.com\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/image.png?fit=981%2C200&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i2.wp.com\\\/takeondevops.com\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/image.png?fit=981%2C200&ssl=1\",\"width\":981,\"height\":200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=1616#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/takeondevops.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Network Policies for Namespaces in Kubernetes\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#website\",\"url\":\"https:\\\/\\\/takeondevops.com\\\/\",\"name\":\"Take On Devops\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/takeondevops.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#\\\/schema\\\/person\\\/465f2fb632235eb4079002754cd66aeb\",\"name\":\"ihsan izwer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g\",\"caption\":\"ihsan izwer\"},\"url\":\"https:\\\/\\\/takeondevops.com\\\/?author=3\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Network Policies for Namespaces in Kubernetes - Take On Devops","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/takeondevops.com\/?p=1616","og_locale":"en_US","og_type":"article","og_title":"Network Policies for Namespaces in Kubernetes - Take On Devops","og_description":"Let me begin with some context on why I thought of writing about this. Recently I attended a meetup on &#8220;Securing a Kubernetes Cluster&#8221;. One of the key takeaways from this meetup is blocking access to one namespace from another(Using Network Policies). Some of you may wonder why is this a topic worth exploring. To [&hellip;]","og_url":"https:\/\/takeondevops.com\/?p=1616","og_site_name":"Take On Devops","article_published_time":"2021-07-14T16:33:00+00:00","article_modified_time":"2021-09-06T06:18:57+00:00","og_image":[{"url":"https:\/\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png","type":"","width":"","height":""}],"author":"ihsan izwer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ihsan izwer","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/takeondevops.com\/?p=1616#article","isPartOf":{"@id":"https:\/\/takeondevops.com\/?p=1616"},"author":{"name":"ihsan izwer","@id":"https:\/\/takeondevops.com\/#\/schema\/person\/465f2fb632235eb4079002754cd66aeb"},"headline":"Network Policies for Namespaces in Kubernetes","datePublished":"2021-07-14T16:33:00+00:00","dateModified":"2021-09-06T06:18:57+00:00","mainEntityOfPage":{"@id":"https:\/\/takeondevops.com\/?p=1616"},"wordCount":818,"commentCount":0,"image":{"@id":"https:\/\/takeondevops.com\/?p=1616#primaryimage"},"thumbnailUrl":"https:\/\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png","keywords":["k8","kubernetes","linux","network policies","security"],"articleSection":["Dev","Featured","InfoSec","Network","Systems"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/takeondevops.com\/?p=1616#respond"]}]},{"@type":"WebPage","@id":"https:\/\/takeondevops.com\/?p=1616","url":"https:\/\/takeondevops.com\/?p=1616","name":"Network Policies for Namespaces in Kubernetes - Take On Devops","isPartOf":{"@id":"https:\/\/takeondevops.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/takeondevops.com\/?p=1616#primaryimage"},"image":{"@id":"https:\/\/takeondevops.com\/?p=1616#primaryimage"},"thumbnailUrl":"https:\/\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png","datePublished":"2021-07-14T16:33:00+00:00","dateModified":"2021-09-06T06:18:57+00:00","author":{"@id":"https:\/\/takeondevops.com\/#\/schema\/person\/465f2fb632235eb4079002754cd66aeb"},"breadcrumb":{"@id":"https:\/\/takeondevops.com\/?p=1616#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/takeondevops.com\/?p=1616"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/takeondevops.com\/?p=1616#primaryimage","url":"https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png?fit=981%2C200&ssl=1","contentUrl":"https:\/\/i2.wp.com\/takeondevops.com\/wp-content\/uploads\/2021\/08\/image.png?fit=981%2C200&ssl=1","width":981,"height":200},{"@type":"BreadcrumbList","@id":"https:\/\/takeondevops.com\/?p=1616#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/takeondevops.com\/"},{"@type":"ListItem","position":2,"name":"Network Policies for Namespaces in Kubernetes"}]},{"@type":"WebSite","@id":"https:\/\/takeondevops.com\/#website","url":"https:\/\/takeondevops.com\/","name":"Take On Devops","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/takeondevops.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/takeondevops.com\/#\/schema\/person\/465f2fb632235eb4079002754cd66aeb","name":"ihsan izwer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g","caption":"ihsan izwer"},"url":"https:\/\/takeondevops.com\/?author=3"}]}},"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/posts\/1616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/takeondevops.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1616"}],"version-history":[{"count":4,"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/posts\/1616\/revisions"}],"predecessor-version":[{"id":1635,"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/posts\/1616\/revisions\/1635"}],"wp:attachment":[{"href":"https:\/\/takeondevops.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/takeondevops.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/takeondevops.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}