Configure network policies
Kubernetes clusters use the NetworkPolicy resource to control network access between Pods.
Example of a restrictive network policy
The following code snippet creates a NetworkPolicy for the foo-dev
namespace that prevents all ingress and egress traffic. This NetworkPolicy
provides the most secure and most restrictive configuration because it blocks
all communication to and from the Pods in the namespace. You can use this
example as a base layer in new namespaces, and then add new policies for
specific Pods to selectively whitelist the network traffic they need.
$ kubectl create -f- <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
EOF
For more information, see the Kubernetes NetworkPolicy documentation.