Struggling with Network Policy

pcasis · November 5, 2019, 4:40pm

Hello,

I’m struggling with a NetworkPolicy.

I’ve a namespace in which I’ve an application that need to be accessed from outside (ingress) of the cluster and access others servers (egress).

Here is my config file :

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: np-X
  namespace: ns-X
spec:
  podSelector:
    matchLabels:
  egress:
  - to:
    - ipBlock:
        cidr: A.B.C.D/32
    - ipBlock:
        cidr: E.F.G.H/32
  ingress:
  - from: []

So for me : everything in Ingress is accepted for all pods in the namespace and only egress to the specifcs ipBlocks are accepted.

Am I wrong or not ?

Regards

rk123 · June 1, 2021, 11:54am

You can use something like this

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      name: internal
  policyTypes:
  - Egress
  - Ingress
  ingress:
    - {}
  egress:
  - to:
    - podSelector:
        matchLabels:
          name: mysql
    ports:
    - protocol: TCP
      port: 3306

  - to:
    - podSelector:
        matchLabels:
          name: payroll
    ports:
    - protocol: TCP
      port: 8080
 
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP

Velu · March 15, 2024, 2:12pm

Please refer official document to debug

Topic		Replies	Views
Kubernetes network policy not getting applied General Discussions	1	673	September 28, 2018
Ingress Network Policy General Discussions	2	1268	August 22, 2023
Network policy for Egress with matchExpressions not working General Discussions network	2	71	September 10, 2024
Seeking Simplified Approaches for Common Kubernetes Network Policy Use Cases General Discussions	0	261	March 17, 2024
【HELP】about k8s networkpolicy please give me a hand General Discussions network	1	520	May 28, 2021

Struggling with Network Policy

Related topics