Example of a restrictive network policy#

The following code snippet creates a NetworkPolicy for the foo-dev namespace that prevents all ingress and egress traffic. This NetworkPolicy provides the most secure and most restrictive configuration because it blocks all communication to and from the namespace. You can use this example as a base layer in new namespaces, and then add new policies for specific Pods to selectively whitelist the network traffic.

$ kubectl create -f- <<EOF
  apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    namespace: foo-dev
    name: default-deny
  spec:
    podSelector: {}
    policyTypes:
    - Ingress
    - Egress
  EOF

For more information, see Kubernetes NetworkPolicy documentation.