Configure network policies

Kubernetes clusters use the NetworkPolicy resource to control network access between pods.

Example of a restrictive network policy

The following command creates a NetworkPolicy in the foo-dev namespace that denies all ingress and egress traffic for every pod in that namespace. Because it blocks all communication to and from the namespace, this NetworkPolicy is the most restrictive and most secure configuration. You can use it as a base layer in new namespaces and then add further policies for specific pods to selectively allow the network traffic they need.

$ kubectl create -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: default-deny
spec:
  podSelector: {}   # empty selector: applies to every pod in the namespace
  policyTypes:
  - Ingress
  - Egress
EOF
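As an added example that is not part of the original page, the two policies below layer on top of the default-deny base: the first permits DNS egress for every pod (a default-deny egress policy otherwise breaks name resolution), and the second admits ingress to pods labelled app=foo only from role=frontend pods on TCP 8080. The labels, the port, and the kube-system/kube-dns selectors are assumptions about the cluster.

```yaml
# Added example, not from the original page: two allow policies layered on
# top of the default-deny policy in foo-dev. The labels app=foo and
# role=frontend, port 8080, and the kube-system/kube-dns selectors are
# assumptions about the cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: allow-dns-egress
spec:
  podSelector: {}          # every pod in the namespace
  policyTypes:
  - Egress
  egress:
  # DNS to the cluster DNS pods only; all other egress stays denied.
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: foo-dev
  name: allow-frontend-to-foo
spec:
  podSelector:
    matchLabels:
      app: foo
  policyTypes:
  - Ingress
  ingress:
  # Only role=frontend pods in foo-dev may reach app=foo, and only on 8080.
  - from:
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 8080
```

NetworkPolicy rules are additive, so a pod's allowed traffic is the union of every policy that selects it, and they are only enforced when the cluster's CNI plugin implements NetworkPolicy; on a plugin that does not, these objects are accepted by the API server but have no effect.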

For more information, see the Kubernetes NetworkPolicy documentation.