{"id":3648,"date":"2025-05-04T12:54:00","date_gmt":"2025-05-04T09:54:00","guid":{"rendered":"https:\/\/www.bircloud.com\/cloud\/index.php\/2025\/05\/04\/kubernetes-ag-politikalari-mikroservis-guvenligi\/"},"modified":"2026-05-19T17:25:45","modified_gmt":"2026-05-19T14:25:45","slug":"kubernetes-ag-politikalari-mikroservis-guvenligi","status":"publish","type":"post","link":"https:\/\/www.bircloud.com\/cloud\/index.php\/2025\/05\/04\/kubernetes-ag-politikalari-mikroservis-guvenligi\/","title":{"rendered":"Improving Microservice Security with Kubernetes Network Policies: A Comprehensive Guide"},"content":{"rendered":"<h2 id=\"section-1\">Introduction<\/h2>\n<p>Microservice architecture has become a popular approach to developing and deploying modern applications. 
However, this architecture also brings complexity and security challenges. While Kubernetes provides a powerful platform for managing microservices, network policies play a critical role in securing that environment. In this article, we take a detailed look at what Kubernetes network policies are, how they work, and how they improve microservice security.<\/p>\n<h2 id=\"section-2\">What Are Kubernetes Network Policies?<\/h2>\n<p>A Kubernetes network policy is a Kubernetes resource used to control network traffic between pods. In essence, it is a set of rules that defines which pods can communicate with which other pods. These rules are based on labels and namespaces, which makes it possible to enforce isolation and access control between microservices.<\/p>\n<p>By regulating network traffic inside the Kubernetes cluster, network policies block unauthorized access and reduce potential vulnerabilities. They act like a firewall, letting only permitted traffic flow between microservices.<\/p>\n<h2 id=\"section-3\">Advantages of Network Policies<\/h2>\n<ul>\n<li><b>Microservice Isolation:<\/b> Network policies isolate different microservices from one another. 
As a result, a security breach in one microservice does not affect the other microservices.<\/li>\n<li><b>Access Control:<\/b> By defining which microservices can communicate with each other, they block unauthorized access.<\/li>\n<li><b>Reducing Security Breaches:<\/b> By controlling network traffic, they reduce potential vulnerabilities and shrink the attack surface.<\/li>\n<li><b>Compliance:<\/b> Network policies help meet compliance standards such as PCI DSS and HIPAA.<\/li>\n<li><b>Visibility and Traceability:<\/b> Network policies make network traffic easier to understand and monitor, so potential problems can be detected faster. We covered this topic in detail in our article <a href=\"https:\/\/www.bircloud.com\/cloud\/index.php\/2025\/12\/25\/kubernetes-ebpf-gelismis-ag-izleme-guvenlik-derinlemesine-bakis\/\">Advanced Network Monitoring and Security with eBPF in Kubernetes<\/a>.<\/li>\n<\/ul>\n<h2 id=\"section-4\">Use Cases<\/h2>\n<p>Network policies can be used to improve microservice security in a variety of scenarios:<\/p>\n<ul>\n<li><b>Environment Isolation:<\/b> Isolating development, test and production environments from one another prevents accidental changes to the production environment.<\/li>\n<li><b>Layered Security:<\/b> They provide an additional layer of security at the application layer and block unauthorized access.<\/li>\n<li><b>Database Security:<\/b> Allowing only specific microservices to reach databases improves data security.<\/li>\n<li><b>External Access Control:<\/b> Controlling traffic coming from the outside world ensures that only authorized users can reach the microservices.<\/li>\n<\/ul>\n<h2 id=\"section-5\">Setup and Getting Started Guide<\/h2>\n<p>To start using Kubernetes network policies, follow these steps:<\/p>\n<h3 id=\"section-6\">1. Enabling a Network Policy Provider<\/h3>\n<p>A network policy provider (for example Calico, Cilium or Weave Net) must be enabled in your Kubernetes cluster. Most Kubernetes distributions ship with a network policy provider by default. 
If one is not enabled, you can enable it by following the provider&#8217;s documentation.<\/p>\n<h3 id=\"section-7\">2. Defining a Network Policy<\/h3>\n<p>You define network policies in YAML files. A simple example is shown below:<\/p>\n<pre><code class=\"language-yaml\">\napiVersion: networking.k8s.io\/v1\nkind: NetworkPolicy\nmetadata:\n  name: allow-from-namespace\n  namespace: my-namespace\nspec:\n  # Pods in my-namespace that this policy applies to\n  podSelector:\n    matchLabels:\n      app: my-app\n  ingress:\n  - from:\n    # Source namespaces are matched by label, so the namespace must carry name=allowed-namespace\n    - namespaceSelector:\n        matchLabels:\n          name: allowed-namespace\n<\/code><\/pre>\n<p>This example lets pods labeled <code>app: my-app<\/code> in the <code>my-namespace<\/code> namespace accept traffic only from pods in the namespace labeled <code>name: allowed-namespace<\/code>.<\/p>\n<h3 id=\"section-8\">3. Applying the Network Policy<\/h3>\n<p>Use the following command to apply the network policy from the YAML file:<\/p>\n<pre><code class=\"language-bash\">\nkubectl apply -f network-policy.yaml\n<\/code><\/pre>\n<h3 id=\"section-9\">4. Testing<\/h3>\n<p>To verify that the network policy works correctly, you can simulate both permitted and denied traffic. For example, you can use <code>kubectl exec<\/code> to ping one pod from another, or send an HTTP request with <code>curl<\/code>.<\/p>\n<h2 id=\"section-10\">The BirCloud Perspective<\/h2>\n<p>At BirCloud, we are aware of how important the security of microservice architectures is. Kubernetes network policies are a powerful tool for providing that security. 
We offer our customers expertise and support for configuring and managing Kubernetes clusters securely.<\/p>\n<p>We also work with more advanced security solutions, such as <a href=\"https:\/\/www.bircloud.com\/cloud\/index.php\/2025\/12\/20\/cloud-native-cilium-ebpf-sifir-guven\/\">A Zero Trust Approach with Cilium Service Mesh and eBPF for Cloud Native Applications<\/a>. 
These solutions go beyond network policies and provide more granular and dynamic security controls.<\/p>\n<p>To use network policies more effectively, you can integrate them with the SIEM solutions described in our article <a href=\"https:\/\/www.bircloud.com\/cloud\/index.php\/2026\/02\/03\/modern-savunmanin-temeli-isletmenizi-birsiem-ile-nasil-guclendirirsiniz\/\">The Foundation of Modern Defense: How to Strengthen Your Business with BirSIEM<\/a>.<\/p>\n<h2 id=\"section-11\">Conclusion<\/h2>\n<p>Kubernetes network policies are a critical tool for improving microservice security. When configured correctly, network policies block unauthorized access, reduce security breaches and help meet compliance standards. At BirCloud, we offer our customers expertise and support for configuring and managing Kubernetes clusters securely. Start using network policies to improve the security of your microservice architecture, and take advantage of BirCloud&#8217;s expertise.<\/p>\n<div class=\"bircloud-faq\">\n<h2>\u2753 Frequently Asked Questions<\/h2>\n<div class=\"faq-item\">\n<h3>What are Kubernetes network policies?<\/h3>\n<p>A Kubernetes network policy is a Kubernetes resource used to control network traffic between pods. 
It is a set of rules that defines which pods can communicate with which other pods.<\/p>\n<\/div>\n<div class=\"faq-item\">\n<h3>Why are network policies important?<\/h3>\n<p>By providing isolation and access control between microservices, network policies reduce security breaches and help meet compliance standards.<\/p>\n<\/div>\n<div class=\"faq-item\">\n<h3>Which network policy providers can I use?<\/h3>\n<p>There are many network policy providers, such as Calico, Cilium and Weave Net. Your Kubernetes distribution may come with a default provider, but you can also choose a different one.<\/p>\n<\/div>\n<div class=\"faq-item\">\n<h3>How can BirCloud help with network policies?<\/h3>\n<p>BirCloud offers its customers expertise and support for configuring and managing Kubernetes clusters securely. 
We also work with more advanced security solutions and offer our customers consulting services in this area.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Discover ways to improve security in microservice architectures with Kubernetes network policies. 
Isolation, access control and more, with BirCloud&#8217;s expertise.<\/p>\n","protected":false},"author":2,"featured_media":3647,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[160],"tags":[275,159,162,164,155,181],"class_list":["post-3648","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bulut-bilisim","tag-ag-politikalari","tag-bircloud","tag-cloud-native","tag-guvenlik","tag-kubernetes","tag-mikroservis"],"_links":{"self":[{"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/posts\/3648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/comments?post=3648"}],"version-history":[{"count":1,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/posts\/3648\/revisions"}],"predecessor-version":[{"id":3649,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/posts\/3648\/revisions\/3649"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/media\/3647"}],"wp:attachment":[{"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/media?parent=3648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/categories?post=3648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bircloud.com\/cloud\/index.php\/wp-json\/wp\/v2\/tags?post=3648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}