NetworkPolicy
Kubernetes NetworkPolicy examples for controlling ingress and egress traffic to pods using label selectors and port rules.
The first policy below selects pods labeled run: np-test-1 in the default namespace and allows incoming TCP traffic on port 80 from any source. Because those pods are now selected by an Ingress policy, every other inbound connection to them is denied. The second policy selects pods labeled name: internal and restricts their egress to MySQL pods (name: mysql) on TCP 3306 and Payroll pods (name: payroll) on TCP 8080. Two caveats apply: a podSelector without a namespaceSelector only matches pods in the policy's own namespace, and once a pod is selected by an Egress policy all other egress is denied, including DNS lookups to kube-dns, so a rule allowing UDP/TCP 53 to the kube-system DNS pods is normally needed as well. NetworkPolicy objects are only enforced when the cluster's CNI plugin implements them; without such a plugin they are accepted by the API server but have no effect.
# allow incoming traffic to pod "run: np-test-1" to port 80 from everywhere
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-nptest
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: np-test-1
  policyTypes:
  - Ingress
  ingress:
  - from:            # empty "from" is the same as omitting it: any source is allowed
    ports:
    - protocol: TCP
      port: 80
cat policy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      name: internal
  policyTypes:
  - Egress
  egress:
  # MySQL rule
  - to:
    - podSelector:
        matchLabels:
          name: mysql
    ports:
    - protocol: TCP
      port: 3306
  # Payroll rule
  - to:
    - podSelector:
        matchLabels:
          name: payroll
    ports:
    - protocol: TCP
      port: 8080
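To make the semantics of the two policies above concrete, here is an added example (written for this page, not code from Kubernetes or any CNI) that evaluates a flow between two pods against a list of policies the way a policy-enforcing CNI would: a pod is default-denied in a direction as soon as any policy of that type selects it, rules are a union, an omitted from/to or ports means "all", and a bare podSelector is scoped to the policy's own namespace. The two policies are transcribed into Python dicts mirroring the YAML; the pods, the namespace labels, and the third policy that repairs the DNS egress problem are constructed for the example. matchExpressions and ipBlock peers are not modelled.

```python
"""Minimal NetworkPolicy evaluator (added example, not Kubernetes code)."""
from dataclasses import dataclass, field


@dataclass
class Pod:
    name: str
    namespace: str
    labels: dict = field(default_factory=dict)


# Constructed namespace labels; kubernetes.io/metadata.name is assumed present
# (Kubernetes sets it automatically on recent versions).
NAMESPACE_LABELS = {ns: {"kubernetes.io/metadata.name": ns} for ns in ("default", "staging", "kube-system")}

# The two policies from the page, as dicts mirroring the YAML.
INGRESS_TO_NPTEST = {"metadata": {"name": "ingress-to-nptest", "namespace": "default"},
                     "spec": {"podSelector": {"matchLabels": {"run": "np-test-1"}},
                              "policyTypes": ["Ingress"],
                              "ingress": [{"from": None, "ports": [{"protocol": "TCP", "port": 80}]}]}}
INTERNAL_POLICY = {"metadata": {"name": "internal-policy", "namespace": "default"},
                   "spec": {"podSelector": {"matchLabels": {"name": "internal"}},
                            "policyTypes": ["Egress"],
                            "egress": [{"to": [{"podSelector": {"matchLabels": {"name": "mysql"}}}],
                                        "ports": [{"protocol": "TCP", "port": 3306}]},
                                       {"to": [{"podSelector": {"matchLabels": {"name": "payroll"}}}],
                                        "ports": [{"protocol": "TCP", "port": 8080}]}]}}
# Hypothetical extra policy: let the internal pods reach kube-dns (needs namespaceSelector).
ALLOW_DNS = {"metadata": {"name": "internal-allow-dns", "namespace": "default"},
             "spec": {"podSelector": {"matchLabels": {"name": "internal"}},
                      "policyTypes": ["Egress"],
                      "egress": [{"to": [{"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "kube-system"}},
                                          "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}}}],
                                  "ports": [{"protocol": "UDP", "port": 53}, {"protocol": "TCP", "port": 53}]}]}}
POLICIES = [INGRESS_TO_NPTEST, INTERNAL_POLICY]

# Constructed pods for the checks below.
PODS = {"np-test-1": Pod("np-test-1", "default", {"run": "np-test-1"}),
        "client": Pod("client", "default", {"app": "client"}),
        "internal": Pod("internal", "default", {"name": "internal"}),
        "mysql": Pod("mysql", "default", {"name": "mysql"}),
        "payroll": Pod("payroll", "default", {"name": "payroll"}),
        "mysql-staging": Pod("mysql", "staging", {"name": "mysql"}),
        "kube-dns": Pod("coredns", "kube-system", {"k8s-app": "kube-dns"})}


def labels_match(selector, labels):
    """matchLabels only; an empty or omitted selector matches everything."""
    return all(labels.get(k) == v for k, v in (selector or {}).get("matchLabels", {}).items())


def policy_types(spec):
    """API defaulting: Ingress is always implied, Egress only if an egress section exists."""
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    return {"Ingress"} | ({"Egress"} if "egress" in spec else set())


def peer_matches(peer, policy_ns, pod):
    if "ipBlock" in peer:
        return False  # ipBlock peers are not modelled here
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None:
        if pod.namespace != policy_ns:  # bare podSelector: policy's own namespace only
            return False
    elif not labels_match(ns_sel, NAMESPACE_LABELS.get(pod.namespace, {})):
        return False
    return pod_sel is None or labels_match(pod_sel, pod.labels)


def port_matches(ports, protocol, port):
    if not ports:
        return True  # omitted ports: every port and protocol
    return any(p.get("protocol", "TCP") == protocol and ("port" not in p or p["port"] == port) for p in ports)


def direction_allowed(policies, pod, peer, direction, protocol, port):
    """direction is 'Ingress' (pod is the destination) or 'Egress' (pod is the source)."""
    selecting = [p for p in policies if p["metadata"]["namespace"] == pod.namespace
                 and labels_match(p["spec"].get("podSelector"), pod.labels)
                 and direction in policy_types(p["spec"])]
    if not selecting:
        return True  # nothing selects the pod in this direction: no restriction
    rules_key, peer_key = ("ingress", "from") if direction == "Ingress" else ("egress", "to")
    for p in selecting:  # rules are additive across policies and within a policy
        for rule in p["spec"].get(rules_key) or []:
            peers = rule.get(peer_key) or []  # None or [] means every peer
            if (not peers or any(peer_matches(x, p["metadata"]["namespace"], peer) for x in peers)) \
                    and port_matches(rule.get("ports"), protocol, port):
                return True
    return False


def allowed(policies, src, dst, protocol="TCP", port=None):
    """Both the source's egress rules and the destination's ingress rules must permit the flow."""
    return (direction_allowed(policies, src, dst, "Egress", protocol, port)
            and direction_allowed(policies, dst, src, "Ingress", protocol, port))


if __name__ == "__main__":
    for s, d, proto, prt in [("client", "np-test-1", "TCP", 80), ("client", "np-test-1", "TCP", 8080),
                             ("internal", "mysql", "TCP", 3306), ("internal", "payroll", "TCP", 3306),
                             ("internal", "kube-dns", "UDP", 53), ("internal", "mysql-staging", "TCP", 3306)]:
        print(f"{s} -> {d} {proto}/{prt}: {allowed(POLICIES, PODS[s], PODS[d], proto, prt)}")
    print("with DNS policy, internal -> kube-dns UDP/53:",
          allowed(POLICIES + [ALLOW_DNS], PODS["internal"], PODS["kube-dns"], "UDP", 53))
```

Running it shows the DNS caveat directly: with only the page's two policies the internal pod cannot reach kube-dns at all, and the staging MySQL pod is unreachable because the bare podSelector never leaves the default namespace; appending the DNS policy opens port 53 without touching the existing rules, since policies only ever add allowances.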
This post is licensed under CC BY 4.0 by the author.