K8s-networkpolicy: Difference between revisions

No edit summary
No edit summary
 
Line 6: Line 6:


#Execute :
#Execute :
cat <<EOF |kubectl -n ${nameSpace} apply -f -
cat <<EOT >~/networkpolicy.yaml
kind: NetworkPolicy
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
apiVersion: networking.k8s.io/v1
Line 59: Line 59:
   policyTypes:
   policyTypes:
   - Ingress
   - Ingress
EOF
EOT
 
kubectl -n ${nameSpace} apply -f ~/networkpolicy.yaml
</pre>
</pre>
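Review bot: The apply line `kubectl -n ${nameSpace} apply -f ~/networkpolicy.yaml` expands `${nameSpace}` unquoted and without an emptiness check, so with the variable empty or unset kubectl reads `apply` as the namespace value and the policies are not applied. I would quote and guard it, e.g. `[ -n "${nameSpace}" ] && kubectl -n "${nameSpace}" apply -f ~/networkpolicy.yaml`. The heredoc delimiter could also be quoted, `cat <<'EOT' >~/networkpolicy.yaml`, so the manifest stays literal if a `$` is ever added to it. Which side is the new one is inferred from the latest-revision text further down the page, and the `<pre>` block this change sits in starts above the lines shown here.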

Latest revision as of 12:14, 27 August 2023

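#NAMESPACE NETWORK ISOLATION
#
# Writes four NetworkPolicy objects to ~/networkpolicy.yaml and applies them
# to the namespace named in $nameSpace:
#   allow-same-namespace            ingress from pods in the same namespace
#   allow-from-ingress              ingress from the namespace named "ingress"
#   allow-from-openshift-ingress    ingress from namespaces labelled
#                                   policy-group.network.openshift.io/ingress
#   allow-from-openshift-monitoring ingress from namespaces labelled
#                                   network.openshift.io/policy-group=monitoring
#
# Scope of the isolation:
#   - Only ingress is restricted. No policy here lists Egress, so traffic
#     leaving the namespace is unaffected.
#   - The namespaceSelector rules trust namespace labels. Any namespace that
#     carries one of the labels above is allowed in, so the right to label
#     namespaces is part of this trust boundary.
#   - NetworkPolicy is enforced by the cluster's network plugin; with a plugin
#     that does not implement it, the objects are stored but filter nothing.
#   - NOTE(review): allow-same-namespace has an empty matchLabels and no
#     policyTypes; this is expected to select every pod and default to
#     Ingress. Confirm with `kubectl describe networkpolicy` after applying.

#Define namespace :
# Fill in the target namespace here before running the apply step.
export nameSpace=

#Execute :
# The quoted delimiter keeps the manifest literal (no shell expansion).
cat <<'EOT' >~/networkpolicy.yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-same-namespace
spec:
  podSelector:
    matchLabels:
  ingress:
  - from:
    - podSelector: {}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-ingress
spec:
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: ingress
  podSelector: {}
  policyTypes:
  - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-ingress
spec:
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          policy-group.network.openshift.io/ingress: ""
  podSelector: {}
  policyTypes:
  - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-monitoring
spec:
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          network.openshift.io/policy-group: monitoring
  podSelector: {}
  policyTypes:
  - Ingress
EOT

# With an empty namespace, `kubectl -n` would consume `apply` as the namespace
# value, so the apply is skipped instead. No `exit` here: these lines are
# usually pasted into an interactive shell.
if [ -z "${nameSpace:-}" ]; then
  printf '%s\n' 'nameSpace is empty: set it to the target namespace, then re-run the apply step' >&2
else
  kubectl -n "${nameSpace}" apply -f ~/networkpolicy.yaml
fi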