Middle level

You need to familiarize yourself with the Kubernetes NetworkPolicy API.
In this tutorial, we will use the OpenShift CLI tool, oc.

Advanced NetworkPolicies

The YAML example below defines a NetworkPolicy that allows communication initiated from another namespace, <NAME OF ANOTHER NAMESPACE>, to the current namespace:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: 'namespacelink'
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}
          namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: <NAME OF ANOTHER NAMESPACE>

This NetworkPolicy needs to be created in the current namespace.

To apply it, create a file with the contents above, remembering to replace the namespace value. Once the file is created, run:

oc create -f file.yaml

You can check that the NetworkPolicy was created correctly by running:

$ oc describe NetworkPolicy namespacelink
Name:         namespacelink
Namespace:    test-httpd2
Created on:   2024-01-22 11:35:41 +0200 EET
Labels:       <none>
Annotations:  <none>
Spec:
  PodSelector:     <none> (Allowing the specific traffic to all pods in this namespace)
  Allowing ingress traffic:
    To Port: <any> (traffic allowed to all ports)
    From:
      NamespaceSelector: kubernetes.io/metadata.name=test-rc
      PodSelector: <none>
  Not affecting egress traffic
  Policy Types: Ingress
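
The policy above admits every pod in the other namespace to every pod and port in the current one. A narrower variant is shown here as an added example that is not part of the original tutorial; the policy name, the labels app=httpd and role=client, and port 8080 are assumptions to replace with your own values.

```yaml
# Added example: least-privilege variant of 'namespacelink'.
# Assumed values: policy name, labels app=httpd / role=client, TCP port 8080.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: 'namespacelink-restricted'
spec:
  # Only pods labelled app=httpd in the current namespace are selected,
  # instead of every pod (podSelector: {}).
  podSelector:
    matchLabels:
      app: httpd
  policyTypes:
    - Ingress
  ingress:
    - from:
        # ONE list item carrying both selectors: they are ANDed, so only
        # pods labelled role=client inside the named namespace match.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: <NAME OF ANOTHER NAMESPACE>
          podSelector:
            matchLabels:
              role: client
      # Limit the allowed traffic to a single port instead of all ports.
      ports:
        - protocol: TCP
          port: 8080
# Pitfall: a dash in front of podSelector turns it into a SECOND list item.
# The two items are then ORed:
#
#   - from:
#       - namespaceSelector:
#           matchLabels:
#             kubernetes.io/metadata.name: <NAME OF ANOTHER NAMESPACE>
#       - podSelector:
#           matchLabels:
#             role: client
#
# That form allows ALL pods in the other namespace, plus role=client pods
# in the current namespace, which is wider than intended.
```

After creating it, oc describe NetworkPolicy should list a single From entry containing both the NamespaceSelector and the PodSelector; two separate From entries indicate the ORed form.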

For more information, check our Network information page.