DEV Community

Aoi Takahashi

Illustration: Network Policies

CKS Study Memo on Network Policies

Official documentation: https://kubernetes.io/docs/concepts/services-networking/network-policies/

You can control traffic between pods using the NetworkPolicy resource.
Use NetworkPolicy when you want to restrict traffic, for example for security reasons.
So what we need to know is how to write a NetworkPolicy manifest.

Network Policies

In the sample manifest, the selectors are written like this.

  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          user: alice
    - podSelector:
        matchLabels:
          role: client

This means ingress traffic is allowed if the source namespace has the label user: alice OR
the source pod has the label role: client.

If you want an AND condition instead, put both selectors in the same list item (no "-" before podSelector), like this.

  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          user: alice
      podSelector:
        matchLabels:
          role: client
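
The difference between the two layouts, as an added Python example that is not part of the original post: it evaluates both `from` lists against four constructed source pods and shows that the OR form also admits pods the AND form rejects. The policy namespace ("default"), the pod names and their labels are assumptions, and only matchLabels is handled.

```python
# Added example: evaluates the two `from` layouts shown above.
# Handles matchLabels only; every name and label set here is constructed.

def labels_match(selector, labels):
    """matchLabels matches when every listed key/value is present."""
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer, policy_ns, src):
    """One `from` list item: selectors inside the same item are ANDed."""
    ns_sel = peer.get("namespaceSelector")
    pod_sel = peer.get("podSelector")
    if ns_sel is not None:
        if not labels_match(ns_sel, src["ns_labels"]):
            return False
    elif src["namespace"] != policy_ns:
        # podSelector on its own only selects pods in the policy's namespace
        return False
    return pod_sel is None or labels_match(pod_sel, src["pod_labels"])

def ingress_allowed(from_peers, policy_ns, src):
    """Separate `from` list items are ORed."""
    return any(peer_matches(p, policy_ns, src) for p in from_peers)

NS_SEL = {"namespaceSelector": {"matchLabels": {"user": "alice"}}}
POD_SEL = {"podSelector": {"matchLabels": {"role": "client"}}}
OR_FORM = [NS_SEL, POD_SEL]          # "- namespaceSelector" and "- podSelector"
AND_FORM = [{**NS_SEL, **POD_SEL}]   # one item holding both selectors

POLICY_NS = "default"  # assumed namespace of the NetworkPolicy
SOURCES = {  # constructed source pods
    "alice-client": {"namespace": "team-a", "ns_labels": {"user": "alice"},
                     "pod_labels": {"role": "client"}},
    "alice-batch": {"namespace": "team-a", "ns_labels": {"user": "alice"},
                    "pod_labels": {"role": "batch"}},
    "local-client": {"namespace": "default", "ns_labels": {},
                     "pod_labels": {"role": "client"}},
    "bob-client": {"namespace": "team-b", "ns_labels": {"user": "bob"},
                   "pod_labels": {"role": "client"}},
}

def evaluate():
    """Return {source: (allowed by OR form, allowed by AND form)}."""
    return {name: (ingress_allowed(OR_FORM, POLICY_NS, src),
                   ingress_allowed(AND_FORM, POLICY_NS, src))
            for name, src in SOURCES.items()}

if __name__ == "__main__":
    for name, (or_ok, and_ok) in evaluate().items():
        print(f"{name:13} OR={or_ok!s:5} AND={and_ok}")
```

A stray "-" before podSelector therefore widens the rule: every pod in the alice namespace gets in regardless of role, along with every role: client pod in the policy's own namespace.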

Stay tuned for more CKS topics!
