Creating Your First NetworkPolicy Definition
The NetworkPolicy resource uses labels to select the pods it applies to. The rules defined in the resource are enforced on that whole group of pods, much like the security groups cloud providers use to apply policies to groups of resources. Once a pod is selected by a policy, only the traffic that the policy's rules explicitly allow is permitted in the directions listed under policyTypes; everything else in those directions is denied.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  # Only pods in "default" labelled role=db are governed by this policy.
  podSelector:
    matchLabels:
      role: db
  # Selected pods become isolated for both directions; only the rules
  # below are allowed.
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    # Any source in 172.17.0.0/16 except the 172.17.1.0/24 sub-range.
    - ipBlock:
        cidr: 172.17.0.0/16
        except:
        - 172.17.1.0/24
    # Any pod in a namespace labelled project=myproject.
    - namespaceSelector:
        matchLabels:
          project: myproject
    # Pods labelled role=frontend in the policy's own namespace (default).
    - podSelector:
        matchLabels:
          role: frontend
    # ...and only on TCP/6379.
    ports:
    - protocol: TCP
      port: 6379
  egress:
  - to:
    - ipBlock:
        cidr: 10.0.0.0/24
    ports:
    - protocol: TCP
      port: 5978
```
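To make the selection and matching semantics concrete, the following is an added example (not code from the original page or from the Kubernetes project) that evaluates the policy above against sample connections. The policy is mirrored as a constructed Python dictionary so the script runs offline without a cluster or a YAML library; the `endpoint` dictionaries describing the remote side of a connection (`ip`, `namespace`, `ns_labels`, `pod_labels`) are an assumed representation for this example. It models `matchLabels`, `ipBlock` with `except`, `namespaceSelector`/`podSelector` peers, `ports`, and the isolation rule that an empty rule list means deny; `matchExpressions`, named ports and `endPort` are deliberately left out.

```python
import ipaddress

# Constructed Python equivalent of the page's test-network-policy YAML
# (same selectors, CIDRs and ports), embedded so the example runs offline.
POLICY = {
    "metadata": {"name": "test-network-policy", "namespace": "default"},
    "spec": {
        "podSelector": {"matchLabels": {"role": "db"}},
        "policyTypes": ["Ingress", "Egress"],
        "ingress": [{
            "from": [
                {"ipBlock": {"cidr": "172.17.0.0/16", "except": ["172.17.1.0/24"]}},
                {"namespaceSelector": {"matchLabels": {"project": "myproject"}}},
                {"podSelector": {"matchLabels": {"role": "frontend"}}},
            ],
            "ports": [{"protocol": "TCP", "port": 6379}],
        }],
        "egress": [{
            "to": [{"ipBlock": {"cidr": "10.0.0.0/24"}}],
            "ports": [{"protocol": "TCP", "port": 5978}],
        }],
    },
}


def selector_matches(selector, labels):
    """matchLabels semantics: every key/value pair must be present in labels.
    An empty selector matches everything. matchExpressions are not modelled."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def ip_block_matches(block, ip):
    """ip must fall inside cidr and outside every 'except' range."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(block["cidr"]):
        return False
    return not any(addr in ipaddress.ip_network(ex) for ex in block.get("except", []))


def peer_matches(peer, endpoint, policy_ns):
    """endpoint (assumed shape for this example): {'ip', 'namespace',
    'ns_labels', 'pod_labels'}; pod fields are absent for non-pod traffic."""
    if "ipBlock" in peer:
        return ip_block_matches(peer["ipBlock"], endpoint["ip"])
    if "pod_labels" not in endpoint:
        return False  # selector-based peers only ever match pods
    if "namespaceSelector" in peer:
        if not selector_matches(peer["namespaceSelector"], endpoint.get("ns_labels", {})):
            return False
    elif endpoint.get("namespace") != policy_ns:
        return False  # a bare podSelector is scoped to the policy's own namespace
    if "podSelector" in peer:
        return selector_matches(peer["podSelector"], endpoint["pod_labels"])
    return True


def port_matches(ports, protocol, port):
    if not ports:
        return True  # no 'ports' list means every port and protocol
    return any(p.get("protocol", "TCP") == protocol and p.get("port") == port for p in ports)


def policy_types(spec):
    """Explicit policyTypes wins; otherwise Ingress, plus Egress if egress rules exist."""
    if "policyTypes" in spec:
        return spec["policyTypes"]
    return ["Ingress", "Egress"] if "egress" in spec else ["Ingress"]


def applies_to(policy, pod_labels):
    """Does spec.podSelector select a pod carrying these labels?"""
    return selector_matches(policy["spec"]["podSelector"], pod_labels)


def allowed(policy, direction, endpoint, protocol, port):
    """direction is 'Ingress' or 'Egress'. Returns True if this single policy
    permits the connection for a pod it selects."""
    spec = policy["spec"]
    if direction not in policy_types(spec):
        return True  # not isolated in this direction by this policy
    peer_key = "from" if direction == "Ingress" else "to"
    ns = policy["metadata"]["namespace"]
    rules = spec.get(direction.lower()) or []  # empty list => deny everything
    for rule in rules:
        peers = rule.get(peer_key)
        peer_ok = not peers or any(peer_matches(p, endpoint, ns) for p in peers)
        if peer_ok and port_matches(rule.get("ports"), protocol, port):
            return True
    return False


if __name__ == "__main__":
    frontend = {"ip": "10.244.1.7", "namespace": "default", "ns_labels": {},
                "pod_labels": {"role": "frontend"}}
    print("frontend -> db:6379", allowed(POLICY, "Ingress", frontend, "TCP", 6379))
    print("172.17.1.5 -> db:6379", allowed(POLICY, "Ingress", {"ip": "172.17.1.5"}, "TCP", 6379))
```

Note that this evaluates one policy in isolation. In a real cluster, policies that select the same pod are additive, so a connection is allowed if any applicable policy permits it; a port-80 deny here could be overridden by another policy that allows it.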