Ingress Network Policy
チートシート
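# Source namespace. The policy's namespaceSelector matches on a label,
# not on the namespace name.
kubectl create namespace customa
# A freshly created namespace carries no partition label, so add the one
# the policy selects on; without it the selector matches no namespace.
kubectl label namespace customa partition=customa
# Target pod, created in the current namespace (the policy manifest assumes
# "default") and labelled app=poc so the policy's podSelector picks it up.
kubectl run poc --image=nginx --port=80 --labels=app=poc
vi allow-web-from-customa.yaml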
(修正前)allow-web-from-customa.yaml
(修正前1)allow-web-from-customa.yaml
# Starting template: isolates pods labelled role=db in the default namespace
# for both ingress and egress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  # Pods this policy applies to.
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # The three entries under "from" are separate list items, so a peer
    # matching any one of them is allowed.
    - from:
        - ipBlock:
            cidr: 172.17.0.0/16
            except:
              - 172.17.1.0/24
        - namespaceSelector:
            matchLabels:
              project: myproject
        - podSelector:
            matchLabels:
              role: frontend
      # Allowed peers may reach only this port.
      ports:
        - protocol: TCP
          port: 6379
  egress:
    # Selected pods may open connections only to this range and port.
    - to:
        - ipBlock:
            cidr: 10.0.0.0/24
      ports:
        - protocol: TCP
          port: 5978
(修正後)allow-web-from-customa.yaml
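# Allow ingress to the poc pod only from namespaces labelled
# partition=customa. Once a policy with policyTypes Ingress selects a pod,
# all ingress not explicitly allowed is dropped (assuming the cluster's
# network plugin enforces NetworkPolicy).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-from-customa
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: poc  # pod label required (set with --labels=app=poc)
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # Namespace label required: the namespace itself must carry
              # it, e.g. kubectl label namespace customa partition=customa
              partition: customa
      ports:
        - protocol: TCP
          # The nginx pod was started with --port=80; 6379 was left over
          # from the template and would leave the web port unreachable.
          port: 80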
# Submit the edited policy manifest to the cluster (creates or updates it).
kubectl apply --filename ./allow-web-from-customa.yaml