DeirdreRodgers

Reputation: 441

How to DENY all Ingress UDP using Network Policies in Kubernetes

I am new to configuring network policies in k8s. I have to make a change in production which I can't test. Basically, we need to block all UDP traffic going to the pods in a specific namespace. Would the below work?

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all-udp
  namespace: foxden-loadtest
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
    ports:
    - protocol: UDP

Upvotes: 0

Views: 720

Answers (1)

Harsh Manvar

Reputation: 30083

Try this example

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-allow-tcp-only
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - port: 80
      protocol: TCP

All other traffic will be blocked. Only TCP will work.

policyTypes: ["Ingress"] indicates that this policy enforces policies for ingress traffic.

ingress: [] (an empty rule set) does not whitelist any traffic; therefore, all ingress traffic is blocked.

Example: https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/11-deny-egress-traffic-from-an-application.md

Upvotes: 2
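
Added example, not part of the question or the answer above: NetworkPolicy rules are allow-only, so blocking UDP ingress means selecting every pod in the namespace and allowing only the protocols that should get through. The sketch below allows TCP on all ports in the question's `foxden-loadtest` namespace; the policy name and the `policy.yaml` file name are made up for illustration.

```yaml
# Added example; the policy name is hypothetical, the namespace is the one
# from the question.
#
# NetworkPolicy has no "deny" action. Once a pod is selected by a policy with
# policyTypes: [Ingress], all ingress to it is dropped except what some rule
# allows. A rule that lists "protocol: UDP" therefore ALLOWS UDP; to block
# UDP, allow only the other protocols you need and leave UDP unlisted.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-tcp-only-ingress
  namespace: foxden-loadtest
spec:
  podSelector: {}          # empty selector: every pod in the namespace
  policyTypes:
  - Ingress
  ingress:                 # a list of rules; each rule starts with "-"
  - ports:                 # no "from": any source is allowed
    - protocol: TCP        # no "port": every TCP port is allowed
    # Add "- protocol: SCTP" here only if the workloads use SCTP.
# Schema check against the API server without changing anything:
#   kubectl apply --dry-run=server -f policy.yaml
```

Policies are additive, so any other policy in the namespace that allows UDP to the same pods still takes effect. Nothing is enforced unless the cluster's network plugin implements NetworkPolicy.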
