Difference between revisions of "K8s network policy"

https://loft.sh/blog/kubernetes-network-policies-for-isolating-namespaces/

https://kubernetes.io/docs/concepts/services-networking/network-policies/

k8s core DNS example egress

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: foo
spec:
  podSelector:
    matchLabels:
      run: nginx
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 192.168.0.0/16
      ports:
        - protocol: TCP
          port: 80
          endPort: 81
    - to:
        - namespaceSelector: {}
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP