K
Q

Network policy to prevent cross namespace communication

8/12/2021

How to define a network policy to prevent communication across pods in different namespaces within the same K8s cluster?

-- Raihan
google-kubernetes-engine
kubernetes
kubernetes-networkpolicy

Similar Questions

Server Sent Events In a Kubernetes Cluster
Where does Kubernetes pull images and how can I browse them/change their pull source?
Using Snappy compression in Spark in Google Kubernetes Engine
Do all persistent Http request sent from client get routed to same pod in kubernetes?
How to set environment variable in container from Kubernetes?

1 Answer

8/13/2021

Checkout the git repo at here for many netpolicy usecases, following is one of it. 

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  namespace: default
  name: deny-from-other-namespaces
spec:
  podSelector:
    matchLabels:
  ingress:
  - from:
    - podSelector: {}

*Note a few things about this manifest:

namespace: default deploys it to the default namespace. it applies the policy to ALL pods in default namespace as the spec.podSelector.matchLabels is empty and therefore selects all pods. it allows traffic from ALL pods in the default namespace, as spec.ingress.from.podSelector is empty and therefore selects all pods.*

-- P....
Source: StackOverflow