owned this note owned this note

Kubernetes Network Policy

tags: `NTUToolmenLab`

intro https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/

more detail https://kubernetes.io/docs/concepts/services-networking/network-policies/

example https://github.com/ahmetb/kubernetes-network-policy-recipes

spce https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#networkpolicy-v1-networking-k8s-io

My target: allow all egress except to cluster (Not include DNS)

My pods ip are in 10.90.0.0/16

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: user-policy
  namespace: user
spec:
  podSelector:
    matchLabels:
      yourapp: your app name
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except: 
        - 10.90.0.0/16
  - ports:
    - port: 53
      protocol: UDP 
    - port: 53
      protocol: TCP

Cheatsheet

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`	在筆記中貼入程式碼
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.

Select a repo

Kubernetes Network Policy

tags: NTUToolmenLab

tags: `NTUToolmenLab`