# Kubernetes Network Policy

###### tags: `NTUToolmenLab`

intro: https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/

more detail: https://kubernetes.io/docs/concepts/services-networking/network-policies/

example: https://github.com/ahmetb/kubernetes-network-policy-recipes

spec: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#networkpolicy-v1-networking-k8s-io

My target: allow all egress except to the cluster (DNS is excluded from that restriction).

My pod IPs are in `10.90.0.0/16`.

```yml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: user-policy
  namespace: user
spec:
  podSelector:
    matchLabels:
      yourapp: your-app-name  # placeholder; label values cannot contain spaces
  policyTypes:
  - Egress
  egress:
  # Rule 1: any destination on any port, except the pod network.
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except:
        - 10.90.0.0/16
  # Rule 2: DNS. There is no `to` section, so port 53 is allowed to
  # every destination, including addresses inside 10.90.0.0/16.
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
```
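
To check what the two egress rules above permit, here is a small offline model of how they combine (an added example, not part of the original note and not Kubernetes code). It assumes only `ipBlock` peers and numeric ports, as in this policy; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# The page's policy as plain data (egress rules only). A rule without "to"
# matches every destination; a rule without "ports" matches every port.
EGRESS_RULES = [
    {"to": [{"cidr": "0.0.0.0/0", "except": ["10.90.0.0/16"]}]},
    {"ports": [(53, "UDP"), (53, "TCP")]},
]


def ip_block_matches(block, dst_ip):
    """True if dst_ip is inside cidr and outside every except range."""
    ip = ipaddress.ip_address(dst_ip)
    if ip not in ipaddress.ip_network(block["cidr"]):
        return False
    return not any(ip in ipaddress.ip_network(e) for e in block.get("except", []))


def rule_allows(rule, dst_ip, port, protocol):
    """Within one rule, the "to" and "ports" sections must both match (AND)."""
    to_ok = "to" not in rule or any(ip_block_matches(b, dst_ip) for b in rule["to"])
    ports_ok = "ports" not in rule or (port, protocol) in rule["ports"]
    return to_ok and ports_ok


def egress_allowed(dst_ip, port, protocol="TCP", rules=EGRESS_RULES):
    """Rules are additive: traffic is allowed if any single rule allows it."""
    return any(rule_allows(r, dst_ip, port, protocol) for r in rules)


if __name__ == "__main__":
    # Constructed sample destinations (not from the original page).
    samples = [
        ("93.184.216.34", 443, "TCP"),  # external HTTPS
        ("10.90.3.7", 8080, "TCP"),     # another pod, non-DNS port
        ("10.90.0.10", 53, "UDP"),      # in-cluster DNS pod
        ("10.90.3.7", 53, "TCP"),       # any pod listening on 53
    ]
    for dst, port, proto in samples:
        verdict = "allow" if egress_allowed(dst, port, proto) else "deny"
        print(f"{dst}:{port}/{proto} -> {verdict}")
```

The last sample shows that the DNS rule is not limited to the DNS pods: any pod in `10.90.0.0/16` is reachable on port 53.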