Illustration: Network Policies

CKS Study Memo on Network Policies official document: https://kubernetes.io/docs/concepts/services-networking/network-policies/ You can control traffic between pods using the NetworkPolicy resource. Use NetworkPolicy when you want to restrict traffic, for example for security reasons. So what we need to know is how to write a NetworkPolicy manifest. In the sample manifest, the selectors are written like this. ingress: - from: - namespaceSelector: matchLabels: user: alice - podSelector: matchLabels: role: client This means the policy is applied if the namespace label is user:alice OR the pod label is role:client. If you want an AND condition instead, write it like this. ingress: - from: - namespaceSelector: matchLabels: user: alice podSelector: matchLabels: role: client Stay tuned for more CKS topics!

Read full story →