Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improvement for k8s.io/docs/concepts/services-networking/network-policies/ #48772

Open
Ostromix opened this issue Nov 19, 2024 · 5 comments
Open

Improvement for k8s.io/docs/concepts/services-networking/network-policies/ #48772

Ostromix opened this issue Nov 19, 2024 · 5 comments
Labels
language/en Issues or PRs related to English language needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@Ostromix
Copy link

Ostromix commented Nov 19, 2024
edited by sftim
Loading

Need more examples !!!
Remember, some people needed exact in your documentation for such cases like exam preparation and completeon.
Because, in other cases it is moooooore convinient to use chatgpt instead of documentation, especially so lack on examples like this part.

can you just add some. like from chatgpt?

Allow Traffic from Specific Pods
Permits traffic only from Pods with specific labels (e.g., app: frontend).

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-monitoring-namespace
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: monitoring

Allow External Internet Access
Allows Pods to access the internet for updates or external APIs.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-internet-access
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0

Prevents traffic to sensitive subnets like a private network.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: block-sensitive-cidr
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 192.168.0.0/16
      except:
        -
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Nov 19, 2024
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@sftim
Copy link
Contributor

sftim commented Nov 19, 2024

Would anyone like to write a NetworkPolicy tutorial?

@Ostromix if the answer turns out to be "no" (nobody volunteers), then it won't get written. Maybe you'd like to help?

@sftim
Copy link
Contributor

sftim commented Nov 19, 2024

/language en

@k8s-ci-robot k8s-ci-robot added the language/en Issues or PRs related to English language label Nov 19, 2024
@iheartNathan
Copy link
Contributor

Would anyone like to write a NetworkPolicy tutorial?
@sftim to confirm is this about creating a new tutorial for network policy or adding more example in the existing documentation?

@iheartNathan
Copy link
Contributor

iheartNathan commented Nov 21, 2024
edited
Loading

/assign

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
language/en Issues or PRs related to English language needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@iheartNathan @k8s-ci-robot @sftim @Ostromix