CKA Network Policy question for ingress traffic

Time:11-01

Create a NetworkPolicy named cka-netpol in the namespace netpol.

1] Allow the pods to communicate if they are running on port 8080 within the namespace.
2] Ensure the NetworkPolicy doesn’t allow other pods that are running other than port 8080.
3] The communication from and to the pods running on port 8080. No pods running on port 8080 from other namespaces to allowed.

I want a YAML file with some theoretical description.

CodePudding user response:

Allow the pods to communicate if they are running on port 8080 within the namespace.

We will only open and accept requests on port 8080 to satisfy the above request.

The communication from and to the pods running on port 8080. No pods running on port 8080 from other namespaces to allowed.

Using a namespace selector to filter out the traffic from a specific namespace.

Ensure the NetworkPolicy doesn’t allow other pods that are running other than port 8080.

We have applied the network policy with the port as input at the namespace level.

Check the namespace label:

kubectl get namespace netpol --show-labels

Example YAML

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: cka-netpol
  namespace: netpol
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          namespace: netpol #Use label accordingly
    ports:
      - protocol: TCP
        port: 8080

You can check more examples and use this link for reference: https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/09-allow-traffic-only-to-a-port.md
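
As an added example (not part of the original answer), this Python sketch models how the ingress rule in the YAML above is evaluated: `from` and `ports` inside one rule must both match, and a selector on a free-form label admits any namespace that carries it. The namespaces `other` and `staging`, their labels, and the helper functions are constructed for illustration; only `namespaceSelector` peers are modelled.

```python
# Added example. Namespaces "other"/"staging" and all labels are constructed samples.
POLICY = {
    "namespace": "netpol",
    "ingress": [{
        "from": [{"namespaceSelector": {"matchLabels": {"namespace": "netpol"}}}],
        "ports": [{"protocol": "TCP", "port": 8080}],
    }],
}

NAMESPACE_LABELS = {
    "netpol": {"namespace": "netpol", "kubernetes.io/metadata.name": "netpol"},
    "other": {"kubernetes.io/metadata.name": "other"},
    # Constructed case: another namespace was given the same free-form label.
    "staging": {"namespace": "netpol", "kubernetes.io/metadata.name": "staging"},
}

def selector_matches(match_labels, labels):
    """matchLabels semantics: every listed key/value must be present."""
    return all(labels.get(k) == v for k, v in match_labels.items())

def ingress_allowed(policy, ns_labels, src_ns, dst_port, protocol="TCP"):
    """Is src_ns -> dst_port allowed into a pod selected by the policy?"""
    for rule in policy["ingress"]:
        peers, ports = rule.get("from"), rule.get("ports")
        # Entries inside 'from' (and inside 'ports') are ORed; empty matches all.
        peer_ok = not peers or any(
            selector_matches(p["namespaceSelector"]["matchLabels"], ns_labels[src_ns])
            for p in peers)
        port_ok = not ports or any(
            p["port"] == dst_port and p.get("protocol", "TCP") == protocol
            for p in ports)
        if peer_ok and port_ok:  # 'from' and 'ports' of one rule are ANDed
            return True
    return False  # selected pods with no matching rule: ingress denied

def pin_to_namespace_name(policy):
    """Copy whose peer selector uses kubernetes.io/metadata.name, the label
    the API server sets on every namespace to the namespace's own name."""
    sel = {"namespaceSelector": {"matchLabels": {
        "kubernetes.io/metadata.name": policy["namespace"]}}}
    return {**policy, "ingress": [{**r, "from": [sel]} for r in policy["ingress"]]}

if __name__ == "__main__":
    cases = (("netpol", 8080), ("netpol", 80), ("other", 8080), ("staging", 8080))
    for name, pol in (("as posted", POLICY), ("pinned", pin_to_namespace_name(POLICY))):
        for src, port in cases:
            print(name, src, port, ingress_allowed(pol, NAMESPACE_LABELS, src, port))
```

With the policy as posted, the constructed `staging` namespace reaches port 8080 because it carries the same label; selecting on `kubernetes.io/metadata.name` closes that gap.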
