[K8S] Network Policy 정의하기

  • huaya
    (후아빠)
  • huaya's Avatar 이 글의 작성자
  • Offline
  • Junior
  • Junior
더보기
13 Dec 2022 07:49 - 15 Dec 2022 09:47 #31979 작성자: huaya
huaya 님의 글: [K8S] Network Policy 정의하기
모든 Pod의 Egress, Ingress를 차단

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny
spec:
  podSelector: {}
  policyTypes:
  - Egress
  - Ingress



위 설정에서 DNS(53포트)는 허용

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny
spec:
  podSelector: {}
  policyTypes:
  - Egress
  - Ingress
  egress:
  - to:
    ports:
      - port: 53
        protocol: TCP
      - port: 53
        protocol: UDP



특정 namespace에 대해 9000 포트만 허용
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-9000-from-namespace
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          color: pink
    ports:
      - port: 9000
        protocol: TCP
Time to create page: 0.045 seconds
Powered by Kunena Forum