• Buy Now
    • Rackspace Cloud
    • Email & Apps
    • Fanatical Support for AWS
    • Managed Google Cloud Platform
    • Office 365
  • Log In
    • MyRackspace Portal
    • Cloud Control Panel
    • Rackspace Webmail Login
    • Cloud Office Control Panel
  • Rackspace Logo
  • Developer Home
  • Developer Documentation
  • Blogs ▼
    • Technical Blog
    • Rackspace Blog
    • Solve: Thought Leadership
  • Support Documentation

Developer Docs


Let’s Build Something Powerful Together!

End-to-End Multicloud Solutions.   Solving Together.™   Learn more at Rackspace.com

Submit an issue
  • Rackspace KaaS
  • Release Notes
    • Preface
    • Known issues
    • What's new in 1.2.0
    • What's new in 1.1.1
    • What's new in 1.1.0
    • What's new in 1.0.x
      • General changes and improvements
      • Kubernetes
      • Rackspace KaaS Control Panel
      • Private Docker image registry
      • Monitoring
      • Logging
      • Networking
      • Storage
    • List of components and versions
    • Document history and additional information
    • Disclaimer
  • Technical FAQ
    • Preface
    • Technical FAQ
    • Document history and additional information
    • Disclaimer
  • User Guide
    • Overview
      • KaaS Control Panel
        • Authentication
        • Authorization
        • Cluster Selection
        • Navigation
          • Cluster Overview
          • Pod Security Policies
          • Namespaces
          • Tokens
      • Managed services
      • Ingress controller
        • Authentication and authorization
      • Cluster roles
      • High availability
      • Resource limits
    • Prerequisites
      • Access your Kubernetes cluster
    • Configure your environment
      • Install the Kubernetes certificate authority
      • Configure application metrics monitoring
      • Access the Rackspace KaaS dashboards
        • Perform OpenStack operations from your local machine
    • Configure Kubernetes users
      • Create a namespace
      • Create an OpenStack role
      • Assign the role to an OpenStack user
      • Map an OpenStack user role to a Kubernetes role
      • Role binding
    • Example of basic operations
      • Launch a new Deployment
      • Expose your Deployment with a LoadBalancer
      • Access your Deployment
      • Add persistent storage to your Deployment
        • Using local storage
      • Scale replicas for your Deployment
      • Clean up the Deployment
    • Set up your cluster to use a private Docker image registry
      • Examples of usage
        • Example of private Docker registry usage
        • Example of the library project usage
    • Logging and monitoring
      • Logging
        • Using Kibana
      • Monitoring
        • Using Grafana
    • Platform security
      • Limitations
      • Configure network policies
        • Example of a restrictive network policy
      • Configure Pod security policies
        • Pod security policies

Configure network policies#

Kubernetes clusters use the NetworkPolicy resource to control network access between Pods.

Example of a restrictive network policy#

The following code snippet creates a NetworkPolicy for the foo-dev namespace that prevents all ingress and egress traffic. This NetworkPolicy provides the most secure and most restrictive configuration because it blocks all communication to and from the namespace. You can use this example as a base layer in new namespaces, and then add new policies for specific Pods to selectively whitelist the network traffic.

$ kubectl create -f- <<EOF
  apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    namespace: foo-dev
    name: default-deny
  spec:
    podSelector: {}
    policyTypes:
    - Ingress
    - Egress
  EOF

For more information, see Kubernetes NetworkPolicy documentation.

Previous Limitations
Next Configure Pod security policies
Developer Network
  • Developer Center
  • API Documentation and User Guides
  • SDKs
  • Rackspace How-To
Blogs
  • Technical Blog
  • Rackspace Blog
  • Solve: Thought Leadership
Other Information
  • Customer Stories
  • Events
  • Programs
  • Careers
  • Style Guide for Technical Content
©2020 Rackspace US, Inc.
  • ©2020 Rackspace US, Inc.
  • About Rackspace
  • Privacy Statement
  • Website Terms
  • Trademarks