Network policies for CKA

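List the pods with their labels first; the selectors in the policy must match these labels exactly:

kubectl get pods --show-labels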

Create a network policy that allows traffic from the "Internal" application only to the "payroll-service" and "db-service".

Use the spec given on the right. You might want to enable ingress traffic to the pod to test your rules in the UI.

  • Policy Name: internal-policy
  • Policy Types: Egress
  • Egress Allow: payroll
  • Payroll Port: 8080
  • Egress Allow: mysql
  • MYSQL Port: 3306

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      name: Internal
  policyTypes:
  - Egress
  egress:
  - to:
    - podSelector:
        matchLabels:
          name: mysql
    ports:
    - protocol: TCP
      port: 3306
  - to:
    - podSelector:
        matchLabels:
          name: payroll
    ports:
    - protocol: TCP
      port: 8080
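
Because this policy restricts all egress from the selected pod, DNS lookups for the service names payroll-service and db-service are blocked as well unless port 53 is allowed. The variant below is an added example, not part of the original post; it assumes the cluster DNS pods run in kube-system with the label k8s-app: kube-dns and that the namespace carries the kubernetes.io/metadata.name label.

```yaml
# Added example: internal-policy from above plus a scoped DNS egress rule.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      name: Internal
  policyTypes:
  - Egress
  egress:
  - to:
    - podSelector:
        matchLabels:
          name: mysql
    ports:
    - protocol: TCP
      port: 3306
  - to:
    - podSelector:
        matchLabels:
          name: payroll
    ports:
    - protocol: TCP
      port: 8080
  # DNS: without this rule the pod cannot resolve service names.
  # Assumption: DNS pods live in kube-system and carry k8s-app=kube-dns.
  # namespaceSelector and podSelector share one list item, so both must
  # match (AND); as two separate items they would be ORed.
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
```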
