
Kubernetes Network Policy


I'm a cloud-native enthusiast and tech blogger, sharing insights on Kubernetes, AWS, CI/CD, and Linux across my blog and Facebook page. Passionate about modern infrastructure and microservices, I aim to help others understand and leverage cloud-native technologies for scalable, efficient solutions.

These are the sample commands and NetworkPolicy manifests for the demo lab. You can watch the full video on YouTube. The cluster is started with Calico on purpose: NetworkPolicy objects are only enforced by a CNI plugin that implements them, and on a cluster without such a plugin the manifests below are accepted by the API server but have no effect on traffic.

note.md

# Start a cluster with Calico so that NetworkPolicy objects are actually enforced.
minikube start -p mininet --network-plugin=cni --cni=calico

kubectl create ns net-test
kubectl create ns net-test-1

# net-test: pod-a and pod-c are busybox clients, pod-b is the nginx server.
# kubectl run labels each pod run=<name>; the policies below select on that label.
kubectl run pod-a -n net-test --image=busybox --restart=Never --command -- sleep 36000
kubectl run pod-c -n net-test --image=busybox --restart=Never --command -- sleep 36000
kubectl run pod-b -n net-test --image=nginx --restart=Never

kubectl expose pod pod-b -n net-test --port=80 --target-port=80 --type=ClusterIP
# Baseline check before any policy exists: this should print the nginx welcome page.
# -T 3 makes a dropped connection fail within seconds instead of hanging on the TCP timeout.
kubectl exec -n net-test pod-a -- wget -qO- -T 3 http://pod-b.net-test.svc.cluster.local

# A second namespace with its own clients, used for the cross-namespace policies.
kubectl run pod-a -n net-test-1 --image=busybox --restart=Never --command -- sleep 36000
kubectl run pod-b -n net-test-1 --image=busybox --restart=Never --command -- sleep 36000
kubectl exec -n net-test-1 pod-a -- wget -qO- -T 3 http://pod-b.net-test.svc.cluster.local

deny-all.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: net-test
spec:
  # Selects only pod-b. pod-a and pod-c in net-test are not isolated by this policy
  # and keep accepting traffic from anywhere.
  podSelector:
    matchLabels:
      run: pod-b
  # Ingress is listed but no ingress rules follow, so every inbound connection to
  # pod-b is dropped. Egress is not listed, so pod-b's outbound traffic is untouched.
  policyTypes:
  - Ingress

allow-from-pod-a.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-pod-a
  namespace: net-test
spec:
  podSelector:
    matchLabels:
      run: pod-b
  policyTypes:
  - Ingress
  # Policies are additive: this rule is unioned with any other policy that selects pod-b.
  ingress:
  - from:
    # A podSelector with no namespaceSelector only matches pods in this policy's own
    # namespace (net-test). pod-a in net-test-1 stays blocked.
    - podSelector:
        matchLabels:
          run: pod-a
    # Without a ports list, every port on pod-b would be opened to pod-a.
    ports:
    - protocol: TCP
      port: 80

allow-name-space.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-namespace
  namespace: net-test
spec:
  podSelector:
    matchLabels:
      run: pod-b
  policyTypes:
  - Ingress
  ingress:
  - from:
    # kubernetes.io/metadata.name is set by the API server on every namespace (Kubernetes
    # 1.21 and later) and cannot be changed, so it is a reliable way to select a namespace
    # by name. Note that this admits every pod in net-test-1, not only pod-a.
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: net-test-1
    ports:
    - protocol: TCP
      port: 80

allow-from-another-ns-pod.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-other-namespace
  namespace: net-test
spec:
  podSelector:
    matchLabels:
      run: pod-b
  policyTypes:
  - Ingress
  ingress:
  - from:
    # namespaceSelector and podSelector under the SAME list item are ANDed: only pods
    # labelled run=pod-a that live in net-test-1 match. Written as two separate "-" items
    # they would be ORed, which would also admit every pod in net-test-1 and pod-a in
    # net-test. The single "-" below is the whole point of this manifest.
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: net-test-1
      podSelector:
        matchLabels:
          run: pod-a
    ports:
    - protocol: TCP
      port: 80
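The four manifests differ only in their from clause, and the part that bites people is how the selectors combine. The script below is an added example, not code from the post or from Calico: it models the ingress semantics a conforming CNI enforces (a pod selected by any Ingress policy drops everything its rules do not admit, policies are additive, a bare podSelector is scoped to the policy's own namespace, and selectors in one from entry are ANDed while separate entries are ORed) against the lab's pods and namespaces, so the expected result of each wget can be worked out offline. The pods, labels and policies mirror the lab; ALLOW_NS_OR_POD is a hypothetical variant that is not on the page, and ipBlock peers, egress and matchExpressions are deliberately not modelled.

```python
"""Offline model of NetworkPolicy ingress semantics for the demo lab.

Added example, not code from the original post or from Calico. ipBlock peers,
egress and matchExpressions are not modelled (constructed assumptions).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

Labels = Dict[str, str]


@dataclass
class Pod:
    name: str
    namespace: str
    labels: Labels


@dataclass
class Peer:
    """One `from` entry. Selectors set on the SAME entry are ANDed."""
    namespace_selector: Optional[Labels] = None  # None = field absent
    pod_selector: Optional[Labels] = None


@dataclass
class IngressRule:
    peers: List[Peer] = field(default_factory=list)  # [] = any source
    ports: List[int] = field(default_factory=list)   # [] = any port


@dataclass
class NetworkPolicy:
    name: str
    namespace: str
    pod_selector: Labels  # {} would select every pod in the namespace
    policy_types: List[str]
    ingress: List[IngressRule] = field(default_factory=list)


def matches(selector: Labels, labels: Labels) -> bool:
    """matchLabels: every selector key must be present with the same value."""
    return all(labels.get(k) == v for k, v in selector.items())


def peer_matches(peer: Peer, src: Pod, policy_ns: str, ns_labels: Dict[str, Labels]) -> bool:
    if peer.namespace_selector is None and peer.pod_selector is None:
        raise ValueError("the API server rejects a `from` entry with no selector")
    if peer.namespace_selector is None:
        if src.namespace != policy_ns:  # a bare podSelector is scoped to the policy's namespace
            return False
    elif not matches(peer.namespace_selector, ns_labels[src.namespace]):
        return False
    return peer.pod_selector is None or matches(peer.pod_selector, src.labels)


def ingress_allowed(src: Pod, dst: Pod, port: int, policies: List[NetworkPolicy],
                    ns_labels: Dict[str, Labels]) -> bool:
    """True if src may open TCP `port` on dst under the given policies."""
    selecting = [p for p in policies if p.namespace == dst.namespace
                 and "Ingress" in p.policy_types and matches(p.pod_selector, dst.labels)]
    if not selecting:
        return True  # dst is not isolated for ingress: default allow
    # Policies are additive: one matching rule in any selecting policy admits the flow.
    return any((not rule.ports or port in rule.ports)
               and (not rule.peers or any(peer_matches(pe, src, p.namespace, ns_labels)
                                          for pe in rule.peers))
               for p in selecting for rule in p.ingress)


# The lab (constructed to mirror the post). Namespaces carry the label the API server sets.
NS_LABELS = {ns: {"kubernetes.io/metadata.name": ns} for ns in ("net-test", "net-test-1")}
POD_A, POD_B, POD_C = (Pod(n, "net-test", {"run": n}) for n in ("pod-a", "pod-b", "pod-c"))
POD_A1, POD_B1 = (Pod(n, "net-test-1", {"run": n}) for n in ("pod-a", "pod-b"))
CLIENTS = (POD_A, POD_C, POD_A1, POD_B1)

SELECT_B = {"run": "pod-b"}
NS1 = {"kubernetes.io/metadata.name": "net-test-1"}
DENY_ALL = NetworkPolicy("deny-all", "net-test", SELECT_B, ["Ingress"])
ALLOW_FROM_POD_A = NetworkPolicy("allow-from-pod-a", "net-test", SELECT_B, ["Ingress"],
                                 [IngressRule([Peer(pod_selector={"run": "pod-a"})], [80])])
ALLOW_FROM_NS = NetworkPolicy("allow-from-namespace", "net-test", SELECT_B, ["Ingress"],
                              [IngressRule([Peer(namespace_selector=NS1)], [80])])
ALLOW_NS_AND_POD = NetworkPolicy("allow-from-other-namespace", "net-test", SELECT_B, ["Ingress"],
                                 [IngressRule([Peer(NS1, {"run": "pod-a"})], [80])])
# Hypothetical variant, NOT on the page: the same two selectors as separate `from`
# entries. That is an OR and admits far more than intended.
ALLOW_NS_OR_POD = NetworkPolicy("allow-ns-or-pod", "net-test", SELECT_B, ["Ingress"],
                                [IngressRule([Peer(namespace_selector=NS1),
                                              Peer(pod_selector={"run": "pod-a"})], [80])])


def lab_matrix(policies: List[NetworkPolicy], port: int = 80) -> Dict[str, bool]:
    """Which lab clients can reach pod-b in net-test on `port`."""
    return {f"{c.namespace}/{c.name}": ingress_allowed(c, POD_B, port, policies, NS_LABELS)
            for c in CLIENTS}


if __name__ == "__main__":
    for label, pols in [("no policy", []), ("deny-all", [DENY_ALL]),
                        ("allow-from-pod-a", [DENY_ALL, ALLOW_FROM_POD_A]),
                        ("allow-from-namespace", [DENY_ALL, ALLOW_FROM_NS]),
                        ("ns AND pod (page)", [DENY_ALL, ALLOW_NS_AND_POD]),
                        ("ns OR pod (mistake)", [DENY_ALL, ALLOW_NS_OR_POD])]:
        print(f"{label:22} {lab_matrix(pols)}")
```

Run it with python3 to print the reachability matrix for each policy in the post; the last row shows why the fourth manifest keeps both selectors under one list item. It also makes a second point visible: allow-from-pod-a on its own isolates pod-b exactly as deny-all does, because any Ingress policy that selects a pod makes it drop whatever its rules do not admit, so deny-all is a readable baseline rather than a prerequisite for the allow rules.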
