
Configure network policies

Kubernetes clusters use the NetworkPolicy resource to control network access between Pods.

Example of a restrictive network policy

The following code snippet creates a NetworkPolicy for the foo-dev namespace that prevents all ingress and egress traffic. The empty podSelector selects every Pod in the namespace, and listing both Ingress and Egress under policyTypes without any allow rules denies traffic in both directions. This NetworkPolicy provides the most secure and most restrictive configuration because it blocks all communication to and from the namespace. You can use this example as a base layer in new namespaces, and then add new policies for specific Pods to selectively whitelist the network traffic.

$ kubectl create -f- <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
EOF
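
The following manifests are an added example, not part of the original Rackspace documentation, showing how allow policies can be layered on top of default-deny to whitelist one traffic path. The labels app=frontend and app=web, the policy names, and port 8080 are hypothetical; because default-deny blocks both directions, the sender and the receiver each need a rule.

```yaml
# Added example, applied on top of default-deny in foo-dev.
# Labels app=frontend / app=web and port 8080 are hypothetical.
# Receiving side: web Pods accept TCP 8080 from frontend Pods only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: web-allow-from-frontend
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
---
# Sending side: default-deny blocks egress too, so frontend needs its own rule.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: frontend-allow-to-web
spec:
  podSelector:
    matchLabels:
      app: frontend
  policyTypes:
  - Egress
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: web
    ports:
    - protocol: TCP
      port: 8080
  # DNS lookups (for example of a Service name) are egress as well.
  - ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
```

NetworkPolicy rules are additive, so these policies only open the listed paths and every other Pod in foo-dev stays isolated by default-deny.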

For more information, see the Kubernetes NetworkPolicy documentation.

©2019 Rackspace US, Inc.