Network
A NetworkPolicy in Kubernetes is a set of rules that controls ingress and egress traffic to and from Pods, based on labels, namespaces, and ports. It acts like a firewall at the Pod level, allowing you to define which Pods can talk to which other Pods or external endpoints.
Network Policy
k get networkpolicies.networking.k8s.io
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector:
    matchLabels:
      app: my-app
  policyTypes:
  - Ingress   # a type not listed here is not restricted by this policy
  # - Egress  # if a type is listed but has no rules for it, that traffic is fully blocked
  ingress:
  - from:
    - podSelector:          # podSelector and namespaceSelector in the same list item: AND
        matchLabels:
          name: api-pod
      namespaceSelector:    # put it under its own "-" and it becomes a separate peer: OR
        matchLabels:        # selectors use matchLabels (or matchExpressions); there is no matchName
          name: prod
    - ipBlock:
        cidr: 192.168.5.10/32
    ports:
    - protocol: TCP
      port: 3306
  # egress:
  # - to:
  #   - ipBlock:
  #       cidr: 192.168.5.10/32
  #   ports:
  #   - protocol: TCP
  #     port: 80   # the key is "port", not "ports"
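As an added illustration (not part of the original notes): a small Python evaluator of the ingress semantics above, i.e. podSelector plus namespaceSelector in one peer is AND, separate peers are OR, ipBlock matching, an unlisted policyType is unrestricted, and a listed type with no rules denies everything. The policy dict mirrors the YAML and assumes the policy lives in namespace `default`; matchExpressions and named ports are not modelled.

```python
import ipaddress
# Constructed policy, mirroring the YAML above; namespace "default" is an assumption.
POLICY = {
    "metadata": {"name": "deny-all", "namespace": "default"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "my-app"}},
        "policyTypes": ["Ingress"],
        "ingress": [{
            "from": [
                # podSelector and namespaceSelector in ONE list item: both must match (AND)
                {"podSelector": {"matchLabels": {"name": "api-pod"}},
                 "namespaceSelector": {"matchLabels": {"name": "prod"}}},
                # a second list item is a separate peer: any peer may match (OR)
                {"ipBlock": {"cidr": "192.168.5.10/32"}},
            ],
            "ports": [{"protocol": "TCP", "port": 3306}],
        }],
    },
}
def selector_matches(selector, labels):
    # An empty selector ({}) matches everything; only matchLabels is modelled.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer, src, policy_ns):
    if "ipBlock" in peer:
        ip, blk = ipaddress.ip_address(src["ip"]), peer["ipBlock"]
        return ip in ipaddress.ip_network(blk["cidr"]) and not any(
            ip in ipaddress.ip_network(c) for c in blk.get("except", []))
    pod_sel, ns_sel = peer.get("podSelector"), peer.get("namespaceSelector")
    if ns_sel is not None:
        if not selector_matches(ns_sel, src["ns_labels"]):
            return False
    elif src["namespace"] != policy_ns:  # podSelector alone only selects pods in the policy's own namespace
        return False
    return pod_sel is None or selector_matches(pod_sel, src["labels"])

def port_matches(ports, port, proto):
    # No ports list means every port; an entry without "port" means every port of that protocol.
    return not ports or any(p.get("protocol", "TCP") == proto and p.get("port", port) == port for p in ports)

def ingress_allowed(policy, src, port, proto="TCP"):
    spec = policy["spec"]
    types = spec.get("policyTypes", ["Ingress"] + (["Egress"] if "egress" in spec else []))
    if "Ingress" not in types:
        return True  # Ingress not listed: this policy does not restrict ingress at all
    ns = policy["metadata"].get("namespace", "default")
    return any((not rule.get("from") or any(peer_matches(p, src, ns) for p in rule["from"]))
               and port_matches(rule.get("ports"), port, proto)
               for rule in spec.get("ingress", []))  # Ingress listed but no rules: deny
```

Only the single policy is evaluated; in a real cluster the union of all policies selecting the Pod applies, so one matching allow rule in any of them is enough.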