[k8s] Network Policy
======
###### tags: `kubernetes` `security`

![](https://i.imgur.com/eBrL3YI.png)

> `or` condition, 3 separate rules

![](https://i.imgur.com/V2L6Icw.png)

## example

![](https://hackmd.io/_uploads/H1z0BlKfa.png =400x)

1. Allow the `internal` pod to connect to the `mysql` pod on port 3306
2. Allow the `internal` pod to connect to the `payroll` pod on port 8080

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-policy
  namespace: default
spec:
  # The policy applies to pods labelled name=internal
  podSelector:
    matchLabels:
      name: internal
  policyTypes:
  - Egress
  egress:
  # Rule 1: internal -> mysql on TCP 3306
  - to:
    - podSelector:
        matchLabels:
          name: mysql
    ports:
    - protocol: TCP
      port: 3306
  # Rule 2: internal -> payroll on TCP 8080
  - to:
    - podSelector:
        matchLabels:
          name: payroll
    ports:
    - protocol: TCP
      port: 8080
```
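
The following is an added example, not part of the original note: a small Python model of how the egress rules in `internal-policy` are evaluated, showing that separate rules are ORed while `to` and `ports` inside one rule are ANDed. It assumes only `podSelector.matchLabels` peers and numeric ports (no `namespaceSelector`, `ipBlock` or named ports), an explicit `policyTypes` list, and constructed pod labels such as `DNS`.

```python
# Added example: simplified model of NetworkPolicy egress evaluation.
# Assumptions: only podSelector.matchLabels and numeric ports are modelled,
# and policyTypes is always listed explicitly (no defaulting).

POLICY_SPEC = {  # the internal-policy spec from the page, as a Python dict
    "podSelector": {"matchLabels": {"name": "internal"}},
    "policyTypes": ["Egress"],
    "egress": [
        {"to": [{"podSelector": {"matchLabels": {"name": "mysql"}}}],
         "ports": [{"protocol": "TCP", "port": 3306}]},
        {"to": [{"podSelector": {"matchLabels": {"name": "payroll"}}}],
         "ports": [{"protocol": "TCP", "port": 8080}]},
    ],
}

# Constructed pod label sets used as sample input.
INTERNAL = {"name": "internal"}
MYSQL = {"name": "mysql"}
PAYROLL = {"name": "payroll"}
DNS = {"name": "dns"}  # hypothetical label for a cluster DNS pod


def labels_match(selector, labels):
    """Empty selector matches every pod; otherwise every matchLabels pair must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def egress_allowed(spec, src_labels, dst_labels, port, protocol="TCP"):
    """Return True if this single policy permits src -> dst:port/protocol."""
    # Pods not selected by the policy are not restricted by it.
    if not labels_match(spec["podSelector"], src_labels):
        return True
    if "Egress" not in spec.get("policyTypes", []):
        return True
    # Selected pod: default deny. Rules in the egress list are ORed.
    for rule in spec.get("egress", []):
        peers, ports = rule.get("to"), rule.get("ports")
        # Inside one rule, `to` AND `ports` must both match;
        # entries inside each list are ORed. A missing list matches anything.
        peer_ok = not peers or any(
            labels_match(p["podSelector"], dst_labels) for p in peers)
        port_ok = not ports or any(
            p.get("protocol", "TCP") == protocol and p["port"] == port for p in ports)
        if peer_ok and port_ok:
            return True
    return False
```

Because a selected pod's egress becomes default-deny, this policy also blocks the `internal` pod's DNS lookups (port 53) unless a rule for them is added.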