K
Q

How to write k8s NetworkPolicy to deny trafic from pod to pod?

5/7/2019

i'ams truggle with writing K8s network policy to deny trafic from pod to pod, pod must be specefied by label or name.

Can some one help me?

I'am not are devops/sys admin. And i need this for Integration Testting. I check https://github.com/ahmetb/kubernetes-network-policy-recipes examples. But still can't do it.

Here is exampel that allow acces from only one service

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: api-allow
spec:
  podSelector:
    matchLabels:
      app: bookstore
      role: api
  ingress:
  - from:
      - podSelector:
          matchLabels:
            app: bookstore

But i need oposite things, denny only from one pod.

-- Grigoriev Nick
kubernetes
kubernetes-networkpolicy
networking

Similar Questions

How to set external IP for nginx-ingress controller in private cloud kubernetes cluster
How to remote debug a java based service running in openshift cluster of type ClusterIP?
pod-to-pod communication issues on k8s cluster created with kubeadm
Can't access Administration Console page with keycloak behind Kong Ingress Controller
Pod status CrashLoopBackOff
Can a configMap of type array be created in Kubernetes

1 Answer

5/7/2019

you should define two network policies as mentioned below

  1. default deny all traffic
  2. allow the traffic to a pod from other pods/namespaces

here are some good recipes that would be helpful. follow the link network policy recipes

-- P Ekambaram
Source: StackOverflow