Configure network policies

Kubernetes clusters use the NetworkPolicy resource to control network access between Pods.

Example of a restrictive network policy

The following code snippet creates a NetworkPolicy in the foo-dev namespace that prevents all ingress and egress traffic. The empty podSelector selects every Pod in the namespace, and listing both policy types with no allow rules denies traffic in both directions. This NetworkPolicy provides the most secure and most restrictive configuration because it blocks all communication to and from the namespace. You can use this example as a base layer in new namespaces, and then add new policies for specific Pods to selectively whitelist the network traffic they need.

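$ kubectl create -f- <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: default-deny
spec:
  # An empty selector matches every Pod in the namespace.
  podSelector: {}
  # Both directions are listed and no rules follow, so all traffic is denied.
  policyTypes:
  - Ingress
  - Egress
EOF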
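
The selective allow step described above, as an added example that is not part of the original page: with default-deny in place, a connection between two Pods needs an egress rule on the client and an ingress rule on the server, and the client also needs an egress rule for DNS. The app: frontend and app: api labels, port 8080, and cluster DNS running in the kube-system namespace are assumptions made for illustration.

```yaml
# Added example. Labels, port 8080 and the DNS location are assumed values.
# Server side: let frontend Pods reach api Pods on TCP 8080.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: allow-frontend-to-api
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
---
# Client side: default-deny also blocks egress, so the frontend needs
# its own rule to send that traffic, plus a rule for name resolution.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: allow-frontend-egress
spec:
  podSelector:
    matchLabels:
      app: frontend
  policyTypes:
  - Egress
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: api
    ports:
    - protocol: TCP
      port: 8080
  - to:  # DNS, assumed to run in kube-system
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
    ports:
    - {protocol: UDP, port: 53}
    - {protocol: TCP, port: 53}
```

NetworkPolicy rules are additive, so these policies only open the listed flows; every other Pod in foo-dev stays covered by default-deny.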

For more information, see the Kubernetes NetworkPolicy documentation.