Introduction:
Kubernetes network policy lets administrators and developers enforce which network traffic is
allowed using rules
Objective:
Output:
Note: The output above confirms that the web-server application is reachable.
3.2 Let us create a NetworkPolicy that allows traffic only from certain Pods, by specifying labels
# cat > api-allow.yaml <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow
spec:
  podSelector:
    matchLabels:
      app: bookstore
      role: api
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: bookstore
EOF
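To make the selector semantics behind api-allow concrete before running the test in the next step, here is an added offline simulator (example code written for this page, not part of the lab or of Kubernetes). It models the rules the policy relies on: a policy isolates the Pods matched by spec.podSelector, any `from` entry may admit a source, podSelector and namespaceSelector inside one entry are ANDed, and a podSelector with no namespaceSelector only reaches Pods in the policy's own namespace. The pod dictionaries (API, FRONTEND, TEST_POD, DEV_FRONTEND) are constructed sample data.

```python
from typing import Dict, List, Optional

def selector_matches(selector: Optional[dict], labels: Dict[str, str]) -> bool:
    """matchLabels: every key/value in the selector must be on the object.
    None (key absent from a `from` entry) and {} both impose no constraint."""
    if selector is None:
        return True
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer: dict, src: dict, policy_ns: str) -> bool:
    """One `from` entry: podSelector AND namespaceSelector. A podSelector
    without namespaceSelector only reaches pods in the policy's own namespace."""
    ns_sel = peer.get("namespaceSelector")
    if ns_sel is None:
        if src["namespace"] != policy_ns:
            return False
    elif not selector_matches(ns_sel, src["ns_labels"]):
        return False
    return selector_matches(peer.get("podSelector"), src["labels"])

def ingress_allowed(policies: List[dict], src: dict, dst: dict) -> bool:
    """Policies are additive: an unselected pod is open; otherwise any rule admits."""
    selecting = [p for p in policies
                 if p["metadata"].get("namespace", "default") == dst["namespace"]
                 and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                 and selector_matches(p["spec"].get("podSelector", {}), dst["labels"])]
    if not selecting:
        return True
    for p in selecting:
        ns = p["metadata"].get("namespace", "default")
        for rule in p["spec"].get("ingress", []):
            peers = rule.get("from")  # a rule with no `from` admits every source
            if peers is None or any(peer_matches(peer, src, ns) for peer in peers):
                return True
    return False

# The api-allow policy from the lab, in the default namespace.
API_ALLOW = {"metadata": {"name": "api-allow", "namespace": "default"},
             "spec": {"podSelector": {"matchLabels": {"app": "bookstore", "role": "api"}},
                      "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "bookstore"}}}]}]}}
# Constructed sample pods: API, a bookstore pod, an unlabelled test pod, a bookstore pod in another namespace.
API = {"namespace": "default", "labels": {"app": "bookstore", "role": "api"}, "ns_labels": {}}
FRONTEND = {"namespace": "default", "labels": {"app": "bookstore", "role": "frontend"}, "ns_labels": {}}
TEST_POD = {"namespace": "default", "labels": {}, "ns_labels": {}}
DEV_FRONTEND = {"namespace": "dev", "labels": {"app": "bookstore"}, "ns_labels": {"kubernetes.io/metadata.name": "dev"}}

if __name__ == "__main__":
    for name, src in [("frontend", FRONTEND), ("unlabelled", TEST_POD), ("dev/frontend", DEV_FRONTEND)]:
        print(f"{name} -> api: {'allowed' if ingress_allowed([API_ALLOW], src, API) else 'blocked'}")
```

The last case shows why the lab's test Pod must be in the same namespace as the policy: a bookstore-labelled Pod in dev is still blocked because api-allow has no namespaceSelector.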
3.3 Let us test that the NetworkPolicy is blocking traffic, by running a Pod without the app=bookstore label
Output:
Use Case: After applying a deny-all policy, which blocks all non-whitelisted traffic to the application, you now have to allow access to the application from all Pods in the current namespace.
Type: exit
Traffic is allowed.
Use Case: This is a fundamental policy, blocking all cross-Pod networking other than what is whitelisted by the other NetworkPolicies you deploy.
Note: Type exit
Cleanup
# kubectl delete pod,service nginx
# kubectl delete networkpolicy default-deny-all
Output:
Cleanup
# kubectl delete networkpolicy web-allow-prod
# kubectl delete pod web
# kubectl delete service web
# kubectl delete namespace {prod,dev}
Output:
Let us verify access to the web server from another namespace, without labelling the application type=monitoring, and observe that it is blocked:
Output:
Let us verify access to the web server from another namespace, this time labelling the application type=monitoring, and observe that it is allowed: