Kubernetes network policy to filter on both namespaces and pod's labels
Kubernetes 1.11 and above supports combining podSelector and namespaceSelector with a logical AND:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: database.postgres
  namespace: database
spec:
  podSelector:
    matchLabels:
      app: postgres
  ingress:
  - from:
    # One list item holding both selectors: they are combined with AND
    - namespaceSelector:
        matchLabels:
          # The source namespace must carry this label
          namespace: default
      podSelector:
        matchLabels:
          app: admin
  policyTypes:
  - Ingress
See more details here: https://medium.com/@reuvenharrison/an-introduction-to-kubernetes-network-policies-for-security-people-ba92dd4c809d/#f416
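The AND in the policy above depends on `podSelector` sitting in the same `from` list item as `namespaceSelector`; with a dash in front of it, it becomes a second peer and the two are ORed. The following is an added example, not part of the original answer and not Kubernetes code: a simplified model of peer matching (matchLabels only) run over constructed sources, assuming the `default` namespace carries the label `namespace: default`.

```python
# Added example: simplified model of NetworkPolicy ingress peers (matchLabels only).

def labels_match(selector, labels):
    """matchLabels semantics: every key/value in the selector must be present."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_allows(peer, policy_ns, src_ns, src_ns_labels, src_pod_labels):
    """One entry of `from`: the selectors inside a single entry are ANDed."""
    ns_sel = peer.get("namespaceSelector")
    pod_sel = peer.get("podSelector")
    if ns_sel is not None:
        ns_ok = labels_match(ns_sel, src_ns_labels)
    else:
        # A podSelector on its own only selects pods in the policy's own namespace
        ns_ok = src_ns == policy_ns
    pod_ok = pod_sel is None or labels_match(pod_sel, src_pod_labels)
    return ns_ok and pod_ok

def ingress_allowed(peers, policy_ns, src_ns, src_ns_labels, src_pod_labels):
    """Entries of `from` are ORed: one matching peer is enough."""
    return any(peer_allows(p, policy_ns, src_ns, src_ns_labels, src_pod_labels)
               for p in peers)

NS_SEL = {"matchLabels": {"namespace": "default"}}
POD_SEL = {"matchLabels": {"app": "admin"}}
AND_PEERS = [{"namespaceSelector": NS_SEL, "podSelector": POD_SEL}]  # one list item
OR_PEERS = [{"namespaceSelector": NS_SEL}, {"podSelector": POD_SEL}]  # two list items

# Constructed sources: (namespace name, namespace labels, pod labels)
SOURCES = {
    "admin pod in default": ("default", {"namespace": "default"}, {"app": "admin"}),
    "web pod in default": ("default", {"namespace": "default"}, {"app": "web"}),
    "admin pod in database": ("database", {}, {"app": "admin"}),
    "admin pod in staging": ("staging", {"namespace": "staging"}, {"app": "admin"}),
}

def evaluate(peers):
    """Return {source description: allowed?} for the policy in namespace `database`."""
    return {name: ingress_allowed(peers, "database", *src)
            for name, src in SOURCES.items()}

if __name__ == "__main__":
    for title, peers in (("AND (one item)", AND_PEERS), ("OR (two items)", OR_PEERS)):
        print(title, evaluate(peers))
```

The two-item form also admits every pod in the labelled namespace and any `app: admin` pod inside `database` itself, so a stray dash in review is worth checking for.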
Edit: This has been implemented here: https://github.com/kubernetes/kubernetes/pull/60452
Currently, there is not yet a way to select a certain pod from another namespace. There is an open issue for that: https://github.com/kubernetes/kubernetes/issues/50451