Skip to content

Advanced NetworkPolicies

In this YAML example below there is a NetworkPolkicy that will allow communication initiated from another namespace <NAME OF ANOTHER NAMESPACE> to the current namespace:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: 'namespacelink'
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}
          namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: <NAME OF ANOTHER NAMESPACE>

This NetworkPolicy needs to be created in the current namespace.

In order to apply it, you just need to create a file with the contents above, remember to replace the value of the namespace. Once the file is created:

oc create -f file.yaml

You can check that the NetworkPolicy was created correctly by:

$ oc describe NetworkPolicy namespacelink
Name:         namespacelink
Namespace:    test-httpd2
Created on:   2024-01-22 11:35:41 +0200 EET
Labels:       <none>
Annotations:  <none>
Spec:
  PodSelector:     <none> (Allowing the specific traffic to all pods in this namespace)
  Allowing ingress traffic:
    To Port: <any> (traffic allowed to all ports)
    From:
      NamespaceSelector: kubernetes.io/metadata.name=test-rc
      PodSelector: <none>
  Not affecting egress traffic
  Policy Types: Ingress

For more information check our Network information page