Difference between revisions of "Kubernetes network policies"
Line 5: | Line 5: | ||
https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource | https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource | ||
Official example: | Official example: | ||
− | + | ||
− | apiVersion: networking.k8s.io/v1 | + | |
− | kind: NetworkPolicy | + | apiVersion: networking.k8s.io/v1 |
− | metadata: | + | kind: NetworkPolicy |
− | + | metadata: | |
− | + | name: test-network-policy | |
− | spec: | + | namespace: default |
− | + | spec: | |
− | + | podSelector: | |
− | + | matchLabels: | |
− | + | role: db | |
− | + | policyTypes: | |
− | + | - Ingress | |
− | + | - Egress | |
− | + | ingress: | |
− | + | - from: | |
− | + | - ipBlock: | |
− | + | cidr: 172.17.0.0/16 | |
− | + | except: | |
− | + | - 172.17.1.0/24 | |
− | + | - namespaceSelector: | |
− | + | matchLabels: | |
− | + | project: myproject | |
− | + | - podSelector: | |
− | + | matchLabels: | |
− | + | role: frontend | |
− | + | ports: | |
− | + | - protocol: TCP | |
− | + | port: 6379 | |
− | - to: | + | egress: |
− | + | - to: | |
+ | - ipBlock: | ||
cidr: 10.0.0.0/24 | cidr: 10.0.0.0/24 | ||
ports: | ports: | ||
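Review bot: in the `policyTypes` and `egress` part of this hunk, the policy lists `Egress` and then allows only `cidr: 10.0.0.0/24` on TCP 5978, so pods labelled `role: db` lose every other outbound path, DNS lookups included. The page gives the YAML with no commentary, so add a sentence under "Official example:" saying this. It would also help to note that the three `from` entries (`ipBlock`, `namespaceSelector`, `podSelector`) are separate list items, so a source matching any one of them is admitted to TCP 6379; they are not a combined condition. Because YAML nesting decides that meaning, confirm the new revision's leading-space indentation renders as a preformatted block.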
Line 41: | Line 42: | ||
port: 5978 | port: 5978 | ||
− | |||
== Related == | == Related == |
Revision as of 16:29, 9 July 2022
https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource

Official example:

 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: test-network-policy
   namespace: default
 spec:
   podSelector:
     matchLabels:
       role: db
   policyTypes:
     - Ingress
     - Egress
   ingress:
     - from:
         - ipBlock:
             cidr: 172.17.0.0/16
             except:
               - 172.17.1.0/24
         - namespaceSelector:
             matchLabels:
               project: myproject
         - podSelector:
             matchLabels:
               role: frontend
       ports:
         - protocol: TCP
           port: 6379
   egress:
     - to:
         - ipBlock:
             cidr: 10.0.0.0/24
       ports:
         - protocol: TCP
           port: 5978
Related
See also
- Kubernetes: distributions, tools, CKA, CKS, Kubernetes interfaces: CSI, CNI, installation, workloads, networking, kubeadm, Kubernetes API, Kubernetes API Server, kubectl, kubeadm, kubelet, kube-proxy, Cloud services: EKS, GKE, TKE, DKS, Helm, Kubernetes RBAC, Kubernetes deployments, Minikube, Rancher, OpenShift, Charmed Kubernetes, Ingress, Kubernetes scheduler, Kubernetes Finalizers, logging, Kubernetes operator, Orka, kind:, Kubernetes namespaces, Kubernetes dashboard, Kubernetes Metrics Server, Field Selectors, CoreDNS, CRI, Kubernetes Topology Manager, Kubernetes governance: (SIG, KEP), Kustomize, controllers, ReadinessProbe, LivenessProbe, KOPS, K9s, Kui, k3s, ImagePullBackOff, PDB, EndPoints, Kots, metadata, Karpenter, Replicated.com, Kubernetes Authenticating, Kubernetes timeline, Changelog/Versions, service accounts, Kubernetes Pod Lifecycle, Kubernetes Conformance Certified, Kubernetes backup, Kubernetes Pod Security Admission, tEKS, Kubernetes events, Kubernetes ports, Kubernetes policies, Connect, addons, DoKC, Kubernetes control plane, Kubernetes Federation, Kubernetes info, Kubetest2, Sidecar (Kubernetes)