Kubernetes networkpolicy multiple match labels

Time:03-29

We have a default deny-all-egress policy for all pods and we have an egress-internet policy like below

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-external-egress-internet
spec:
  podSelector:
    matchLabels:
      egress: internet
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0

Now, if I try to add multiple labels under spec/podSelector/matchLabels, everything breaks. Is there a way for this network policy to get implemented on pods with label egress: internet OR foo: bar?

A pod with just foo: bar as a label should be allowed, but it's not working that way.

CodePudding user response:

That's tricky because matchLabels does not take multiple key & value pairs and matchExpressions will be ANDed. There are two possible ways (workarounds):

  1. Create another NetworkPolicy (along with the existing one) where matchLabels contains foo: bar.

    [or]

  2. Add a new (common) label to both workloads and use that in podSelector.
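
The following is an added example, not part of the original question or answer: a small Python model of how a podSelector is evaluated and how separate NetworkPolicies combine. Conditions inside one selector are ANDed, while policies that select the same pod are additive, which is why the first workaround gives OR behaviour. The policy names `default-deny-all-egress` and `allow-external-egress-foo` and the sample pod labels are constructed for illustration.

```python
# Added example: a small model of podSelector evaluation, not Kubernetes code.
def selector_matches(selector, labels):
    """All matchLabels pairs and all matchExpressions must hold (logical AND)."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        if op == "In":
            ok = key in labels and labels[key] in values
        elif op == "NotIn":
            ok = key not in labels or labels[key] not in values
        elif op == "Exists":
            ok = key in labels
        elif op == "DoesNotExist":
            ok = key not in labels
        else:
            raise ValueError(f"unknown operator: {op}")
        if not ok:
            return False
    return True  # an empty selector ({}) selects every pod

def egress_allowed(policies, labels):
    """Policies are additive: egress is possible if ANY policy selecting the
    pod carries an egress rule (the rule contents are not modelled here)."""
    return any(p["spec"].get("egress") for p in policies
               if selector_matches(p["spec"]["podSelector"], labels))

def policy(name, selector, egress):
    return {"metadata": {"name": name},
            "spec": {"podSelector": selector, "policyTypes": ["Egress"],
                     "egress": egress}}

INTERNET = [{"to": [{"ipBlock": {"cidr": "0.0.0.0/0"}}]}]
DENY_ALL = policy("default-deny-all-egress", {}, [])  # constructed name

# Both labels in one matchLabels: a pod must carry BOTH to be selected.
ANDED = [DENY_ALL, policy("allow-external-egress-internet",
         {"matchLabels": {"egress": "internet", "foo": "bar"}}, INTERNET)]

# Workaround 1: one policy per label; either label is enough.
SPLIT = [DENY_ALL,
         policy("allow-external-egress-internet",
                {"matchLabels": {"egress": "internet"}}, INTERNET),
         policy("allow-external-egress-foo",  # constructed name
                {"matchLabels": {"foo": "bar"}}, INTERNET)]
```
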
