JumbledCode
Reputation: 105
Kubernetes: How to create ingress type networkpolicy to allow only access to labeled pods
I have the following deployment
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: redis
name: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: redis
spec:
containers:
- image: redis:alpine
name: redis
resources: {}
status: {}
Question 1 : How do you expose this deployment via a ClusterIP service on port 8080.
Question 2 : How would I create a new Ingress Type NetworkPolicy to allows only the pods with label access=redis to access the deployment.
Upvotes: 1
Views: 280
Answers (1)
Arghya Sadhu
Reputation: 44559
Service
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: redis
ports:
- protocol: TCP
port: 8080
targetPort: 6379
Network Policy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: test-network-policy
spec:
podSelector:
matchLabels:
app: redis
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
access: redis
ports:
- protocol: TCP
port: 6379
Upvotes: 2
Related Questions
- How to use network policy to allow access to pods only from a specific namespace to another in kubernetes?
- How to block all traffic to pods matching a label using a NetworkPolicy
- Kubernetes Restrict Node to run labeled pods only
- Isolate pods in a namepace from other namespaces using network policy
- Kubernetes : How to limit traffic to only two types of pods labeled 'A' and 'B' using a NetworkPolicy
- Network policy to restrict communication of pods within namespace and port
- Allowing Pods to communicate with other pods via Network Policies
- How to allow external traffic and deny inter pod communication using network policy?
- How to write k8s NetworkPolicy to deny trafic from pod to pod?
- Allow traffic where from-pod label equals to-pod label