K8s-networkpolicy: Difference between revisions
Jump to navigation
Jump to search
(Created page with "<pre> #NAMESPACE NETWORK ISOLATION cat <<EOF |kubectl -n ${nameSpace} apply -f - kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: allow-same-namespace sp...") |
No edit summary |
||
| Line 1: | Line 1: | ||
<pre> | <pre> | ||
#NAMESPACE NETWORK ISOLATION | #NAMESPACE NETWORK ISOLATION | ||
#Define namespace : | |||
export nameSpace= | |||
#Execute : | |||
cat <<EOF |kubectl -n ${nameSpace} apply -f - | cat <<EOF |kubectl -n ${nameSpace} apply -f - | ||
kind: NetworkPolicy | kind: NetworkPolicy | ||
Revision as of 09:32, 20 April 2023
#NAMESPACE NETWORK ISOLATION
#Define namespace :
export nameSpace=
#Execute :
cat <<EOF |kubectl -n ${nameSpace} apply -f -
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-same-namespace
spec:
podSelector:
matchLabels:
ingress:
- from:
- podSelector: {}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-ingress
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress
podSelector: {}
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-openshift-ingress
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
policy-group.network.openshift.io/ingress: ""
podSelector: {}
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-openshift-monitoring
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
network.openshift.io/policy-group: monitoring
podSelector: {}
policyTypes:
- Ingress
EOF