Listing 1: Netzwerkrichtlinie für Standard-Namespace

01 apiVersion: networking.k8s.io/v1
02 kind: NetworkPolicy
03 metadata:
04 name: allow-ingress-from-prometheus
05 namespace: default
06 spec:
07 podSelector:
08 matchLabels:
09 app: redis
10 policyTypes:
11 - Ingress
12 ingress:
13 - from:
14 - namespaceSelector: {}
15 podSelector:
16 matchLabels:
17 app: prometheus


Listing 2: Richtlinie mit erlaubtem kube-dns-Verkehr

01 apiVersion: networking.k8s.io/v1
02 kind: NetworkPolicy
03 metadata:
04 name: allow-egress-to-kube-dns
05 spec:
06 podSelector: {}
07 policyTypes:
08 - Egress
09 egress:
10 - to:
11 - podSelector: {}
12 - to:
13 - namespaceSelector: {}
14 podSelector:
15 matchLabels:
16 k8s-app: kube-dns
17 ports:
18 - port: 53
19 protocol: UDP