- podSelector: Selects, by label, the pods in the policy's namespace that the NetworkPolicy applies to. An empty selector (`{}`) selects every pod in the namespace.
- policyTypes: Sets whether the policy governs incoming traffic (Ingress), outgoing traffic (Egress), or both. If omitted, Ingress is always assumed, and Egress only when the policy contains an egress section.
- ingress: Rules for traffic arriving at the selected pods.
- egress: Rules for traffic leaving the selected pods.
- rules: Both ingress and egress rules are allow-list (whitelist) based: once a pod is selected by a policy for a direction, traffic in that direction is blocked unless it matches at least one rule of a policy that selects the pod. Policies are additive, and a direction that no policy covers for a pod stays fully open.
- ports: Specifies the protocols and ports that match the rule; a rule with no ports list matches all ports.
- from/to selectors: Specify the source(s) (from) and destination(s) (to) of traffic that match the rule, as podSelector, namespaceSelector, or ipBlock entries; a rule with no from/to list matches all peers.
- Create NetworkPolicy
- Create Secure Pod
- Create a client pod to access the secure pod
Create NetworkPolicy

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-network-policy
spec:
  podSelector:
    matchLabels:
      app: secure-app
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          allow-access: "true"
    ports:
    - protocol: TCP
      port: 80
  egress:
  - to:
    - podSelector:
        matchLabels:
          allow-access: "true"
    ports:
    - protocol: TCP
      port: 80
```
Create Secure Pod
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: network-policy-secure-pod
  labels:
    app: secure-app
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80
```
Create a client pod to access the secure pod
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: network-policy-client-pod
spec:
  containers:
  - name: busybox
    image: radial/busyboxplus:curl
    command: ["/bin/sh", "-c", "while true; do sleep 3600; done"]
```
Use this command to get the IP address of the Nginx pod. It is the pod IP shown in the IP column, not a Service ClusterIP, since no Service has been created:

```shell
kubectl get pod network-policy-secure-pod -o wide
```
Try to access the secure pod from the client pod, substituting the IP address from the previous step:

```shell
kubectl exec network-policy-client-pod -- curl <secure pod ip address>
kubectl exec network-policy-client-pod -- curl 10.42.1.10
```

The client pod defined above carries no `allow-access: "true"` label, so on a cluster whose network plugin enforces NetworkPolicy (Calico and Cilium do; a plugin without a NetworkPolicy controller silently ignores the resource) the connection is dropped and curl hangs until it times out. Pass `-m 5` to curl to bound the wait. Labelling the client pod with `allow-access=true` and repeating the curl should then return the Nginx welcome page. Note also that the egress rule limits the secure pod to TCP port 80 towards `allow-access` pods, so it cannot reach cluster DNS; add an egress rule for port 53 if that pod needs name resolution.
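To make the matching rules from the field list and the outcome of this test concrete without a cluster, here is an added example (not code from the tutorial) that re-implements the NetworkPolicy evaluation described above in Python and runs it over the three manifests from this page. The labelled client pod and the DNS pod are assumed for illustration; only podSelector peers are modelled, not namespaceSelector or ipBlock.

```python
"""Offline evaluator for the NetworkPolicy matching rules described above.
Added example, not code from the original tutorial: it models podSelector,
policyTypes, ingress/egress rules, from/to podSelector peers and ports, and
applies them to the page's manifests. namespaceSelector/ipBlock are omitted."""
from dataclasses import dataclass

@dataclass
class Pod:
    name: str
    labels: dict

# The page's NetworkPolicy, transcribed to a dict so no YAML library is needed.
NETWORK_POLICY = {"spec": {
    "podSelector": {"matchLabels": {"app": "secure-app"}},
    "policyTypes": ["Ingress", "Egress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"allow-access": "true"}}}],
                 "ports": [{"protocol": "TCP", "port": 80}]}],
    "egress": [{"to": [{"podSelector": {"matchLabels": {"allow-access": "true"}}}],
                "ports": [{"protocol": "TCP", "port": 80}]}],
}}

# The page's two pods, plus two assumed for illustration: the client after
# `kubectl label pod network-policy-client-pod allow-access=true`, and a
# stand-in for the cluster DNS pod.
SECURE_POD = Pod("network-policy-secure-pod", {"app": "secure-app"})
CLIENT_POD = Pod("network-policy-client-pod", {})
LABELLED_CLIENT = Pod("network-policy-client-pod", {"allow-access": "true"})
DNS_POD = Pod("coredns (assumed)", {"k8s-app": "kube-dns"})

def selector_matches(selector, labels):
    """matchLabels: every listed key/value must be on the pod; an empty
    selector ({}) matches every pod in the namespace."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peers, other):
    """No from/to list means any peer; otherwise some podSelector must match."""
    if not peers:
        return True
    return any("podSelector" in p and selector_matches(p["podSelector"], other.labels)
               for p in peers)

def ports_match(rule_ports, protocol, port):
    """No ports list means any port; otherwise protocol (default TCP) and port
    must both match one entry."""
    if not rule_ports:
        return True
    return any(p.get("protocol", "TCP") == protocol and p.get("port") == port
               for p in rule_ports)

def direction_allowed(policies, pod, other, direction, protocol, port):
    """Allow-list evaluation of one side of a connection. A pod is isolated for
    `direction` once any policy selects it and names that direction in
    policyTypes (default: Ingress always, Egress only if an egress section
    exists). An isolated pod passes only if some rule of a selecting policy
    matches; a pod no policy isolates stays open."""
    isolated = False
    peer_key = "from" if direction == "Ingress" else "to"
    for policy in policies:
        spec = policy["spec"]
        if not selector_matches(spec.get("podSelector", {}), pod.labels):
            continue
        types = spec.get("policyTypes")
        if types is None:
            types = ["Ingress"] + (["Egress"] if "egress" in spec else [])
        if direction not in types:
            continue
        isolated = True
        for rule in spec.get(direction.lower()) or []:
            if peer_matches(rule.get(peer_key), other) and ports_match(rule.get("ports"), protocol, port):
                return True
    return not isolated

def allowed(policies, src, dst, protocol="TCP", port=80):
    """src -> dst:port passes only if the source's egress side and the
    destination's ingress side both allow it."""
    return (direction_allowed(policies, src, dst, "Egress", protocol, port)
            and direction_allowed(policies, dst, src, "Ingress", protocol, port))

def evaluate_page_manifests():
    """Apply the page's policy to the page's pods; returns {flow: allowed}."""
    pol = [NETWORK_POLICY]
    return {
        "unlabelled client -> nginx:80": allowed(pol, CLIENT_POD, SECURE_POD),
        "labelled client -> nginx:80": allowed(pol, LABELLED_CLIENT, SECURE_POD),
        "labelled client -> nginx:443": allowed(pol, LABELLED_CLIENT, SECURE_POD, port=443),
        "nginx -> labelled client:80": allowed(pol, SECURE_POD, LABELLED_CLIENT),
        "nginx -> cluster DNS:53/UDP": allowed(pol, SECURE_POD, DNS_POD, "UDP", 53),
    }

if __name__ == "__main__":
    for flow, ok in evaluate_page_manifests().items():
        print("ALLOW" if ok else "DENY ", flow)
```

Running it denies the tutorial's own curl (the client has no label), allows it once the client is labelled, denies the same client on port 443, and shows the egress side too: the Nginx pod can reach a labelled pod on TCP 80 but not the DNS pod on UDP 53. Passing an empty policy list, or a policy that does not select a pod, leaves that pod open, which is the additive, per-direction behaviour the field list describes.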