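---
# Isolates pods labelled app=customer in the "skills" namespace. Despite the
# "deny-" name this is an allow-list: both Ingress and Egress are listed in
# policyTypes, so any traffic not matched by a rule below is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-customer-pod
  namespace: skills
spec:
  podSelector:
    matchLabels:
      app: customer
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only pods labelled app=product or app=order may connect. A bare
    # podSelector matches pods in this policy's own namespace only.
    # NOTE(review): there is no `ports` list, so these peers reach every port
    # on the customer pods; add one if the service port is known.
    - from:
        - podSelector:
            matchLabels:
              app: product
        - podSelector:
            matchLabels:
              app: order
  egress:
    # `ports` is a sibling of `to`: any IPv4 destination, but only on the
    # ports listed below.
    # NOTE(review): 0.0.0.0/0 includes the link-local range, so a cloud
    # instance-metadata endpoint (169.254.169.254 on most clouds) stays
    # reachable on port 80; carve it out with `except` if these pods do not
    # need it.
    # NOTE(review): ipBlock is meant for cluster-external addresses. Whether
    # it also matches pod and Service IPs depends on the CNI plugin, so
    # confirm that cluster DNS and calls to app=product / app=order still
    # work; if not, add podSelector/namespaceSelector peers for them.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        # HTTPS and HTTP; protocol spelled out (TCP is the default).
        - port: 443
          protocol: TCP
        - port: 80
          protocol: TCP
        # DNS over TCP and UDP, to any resolver rather than only cluster DNS.
        - port: 53
          protocol: TCP
        - port: 53
          protocol: UDP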
# Create or update the customer NetworkPolicy from its manifest file.
kubectl apply --filename customer.yaml
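---
# Isolates pods labelled app=product in the "skills" namespace. Despite the
# "deny-" name this is an allow-list: both Ingress and Egress are listed in
# policyTypes, so any traffic not matched by a rule below is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-product-pod
  namespace: skills
spec:
  podSelector:
    matchLabels:
      app: product
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only pods labelled app=customer or app=order may connect. A bare
    # podSelector matches pods in this policy's own namespace only.
    # NOTE(review): there is no `ports` list, so these peers reach every port
    # on the product pods; add one if the service port is known.
    - from:
        - podSelector:
            matchLabels:
              app: customer
        - podSelector:
            matchLabels:
              app: order
  egress:
    # `ports` is a sibling of `to`: any IPv4 destination, but only on the
    # ports listed below.
    # NOTE(review): 0.0.0.0/0 includes the link-local range, so a cloud
    # instance-metadata endpoint (169.254.169.254 on most clouds) stays
    # reachable on port 80; carve it out with `except` if these pods do not
    # need it.
    # NOTE(review): ipBlock is meant for cluster-external addresses. Whether
    # it also matches pod and Service IPs depends on the CNI plugin, so
    # confirm that cluster DNS and calls to app=customer / app=order still
    # work; if not, add podSelector/namespaceSelector peers for them.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        # HTTPS and HTTP; protocol spelled out (TCP is the default).
        - port: 443
          protocol: TCP
        - port: 80
          protocol: TCP
        # DNS over TCP and UDP, to any resolver rather than only cluster DNS.
        - port: 53
          protocol: TCP
        - port: 53
          protocol: UDP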
# Create or update the product NetworkPolicy from its manifest file.
kubectl apply --filename product.yaml
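---
# Isolates pods labelled app=order in the "skills" namespace. Despite the
# "deny-" name this is an allow-list: both Ingress and Egress are listed in
# policyTypes, so any traffic not matched by a rule below is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-order-pod
  namespace: skills
spec:
  podSelector:
    matchLabels:
      app: order
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only pods labelled app=customer or app=product may connect. A bare
    # podSelector matches pods in this policy's own namespace only.
    # NOTE(review): there is no `ports` list, so these peers reach every port
    # on the order pods; add one if the service port is known.
    - from:
        - podSelector:
            matchLabels:
              app: customer
        - podSelector:
            matchLabels:
              app: product
  egress:
    # `ports` is a sibling of `to`: any IPv4 destination, but only on the
    # ports listed below.
    # NOTE(review): 0.0.0.0/0 includes the link-local range, so a cloud
    # instance-metadata endpoint (169.254.169.254 on most clouds) stays
    # reachable on port 80; carve it out with `except` if these pods do not
    # need it.
    # NOTE(review): ipBlock is meant for cluster-external addresses. Whether
    # it also matches pod and Service IPs depends on the CNI plugin, so
    # confirm that cluster DNS and calls to app=customer / app=product still
    # work; if not, add podSelector/namespaceSelector peers for them.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        # HTTPS and HTTP; protocol spelled out (TCP is the default).
        - port: 443
          protocol: TCP
        - port: 80
          protocol: TCP
        # DNS over TCP and UDP, to any resolver rather than only cluster DNS.
        - port: 53
          protocol: TCP
        - port: 53
          protocol: UDP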
# Create or update the order NetworkPolicy from its manifest file.
kubectl apply --filename order.yaml