networking.k8s.io/v1
·NetworkPolicy
NetworkPolicy describes what network traffic is allowed for a set of Pods
Click on Property Name to show the description, and Pink Types to expand schema.
Required properties are marked with *
Change History
Kubernetes v1.32
Kubernetes v1.31
Kubernetes v1.30
Kubernetes v1.29
Kubernetes v1.28
1 property has been removed on this version
- .status
Kubernetes v1.27
9 properties have changed the description
- .metadata.annotations
- .metadata.labels
- .metadata.name
- .metadata.namespace
- .metadata.ownerReferences.name
- .metadata.ownerReferences.uid
- .metadata.uid
- .spec
- .status
Kubernetes v1.26
4 properties have changed the description
- .spec.egress.to.ipBlock.cidr
- .spec.egress.to.ipBlock.except
- .spec.ingress.from.ipBlock.cidr
- .spec.ingress.from.ipBlock.except
Kubernetes v1.25
1 property has been removed on this version
- .metadata.clusterName
2 properties have changed the description
- .spec.egress.ports.endPort
- .spec.ingress.ports.endPort
Kubernetes v1.24
1 property has been added on this version
- .status
5 properties have changed the description
- .metadata.clusterName
- .metadata.generateName
- .metadata.managedFields.time
- .metadata.ownerReferences.blockOwnerDeletion
- .metadata.selfLink
Kubernetes v1.23
Kubernetes v1.22
1 property has been added on this version
- .metadata.managedFields.subresource
2 properties have changed the description
- .spec.egress.ports.endPort
- .spec.ingress.ports.endPort
Kubernetes v1.21
2 properties have been added on this version
- .spec.egress.ports.endPort
- .spec.ingress.ports.endPort
3 properties have changed the description
- .spec.egress.ports.port
- .spec.ingress.ports.port
- .spec.policyTypes
Kubernetes v1.20
Kubernetes v1.19
1 property has changed the description
- .metadata.namespace
Kubernetes v1.18
4 properties have changed the description
- .spec.egress.to.ipBlock.cidr
- .spec.egress.to.ipBlock.except
- .spec.ingress.from.ipBlock.cidr
- .spec.ingress.from.ipBlock.except
Kubernetes v1.17
1 property has changed the description
- .metadata.finalizers
Kubernetes v1.16
2 properties have been added on this version
- .metadata.managedFields.fieldsType
- .metadata.managedFields.fieldsV1
2 properties have been removed on this version
- .metadata.initializers
- .metadata.managedFields.fields
10 properties have changed the description
- .apiVersion
- .kind
- .metadata.creationTimestamp
- .metadata.deletionTimestamp
- .metadata.generateName
- .metadata.managedFields
- .metadata.ownerReferences.kind
- .metadata.resourceVersion
- .metadata.selfLink
- .spec.ingress.from
Kubernetes v1.15
1 property has been added on this version
- .metadata.initializers.result.metadata.remainingItemCount
Kubernetes v1.14
1 property has been added on this version
- .metadata.managedFields
2 properties have changed the description
- .metadata
- .spec.policyTypes
Kubernetes v1.13
Kubernetes v1.12
3 properties have changed the description
- .metadata.initializers.result.metadata.continue
- .spec.egress.ports.protocol
- .spec.ingress.ports.protocol
Kubernetes v1.11
6 properties have changed the description
- .spec.egress.to.ipBlock
- .spec.egress.to.namespaceSelector
- .spec.egress.to.podSelector
- .spec.ingress.from.ipBlock
- .spec.ingress.from.namespaceSelector
- .spec.ingress.from.podSelector
Examples
There are 6 examples of NetworkPolicy that you can use as a starting point to create your own.
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny-ingress namespace: public-api # NetworkPolicy is a namespaced resource spec: podSelector: {} policyTypes: - Ingress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-all-ingress
namespace: public-api # NetworkPolicy is a namespaced resource
spec:
podSelector: {}
ingress:
- {}
policyTypes:
- Ingress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-egress
namespace: public-api # NetworkPolicy is a namespaced resource
spec:
podSelector: {}
policyTypes:
- Egress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-all-egress
namespace: public-api # NetworkPolicy is a namespaced resource
spec:
podSelector: {}
egress:
- {}
policyTypes:
- Egress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-all
namespace: public-api # NetworkPolicy is a namespaced resource
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: test-network-policy
namespace: public-api # NetworkPolicy is a namespaced resource
spec:
podSelector:
matchLabels:
role: db
policyTypes:
- Ingress
- Egress
ingress:
- from:
- ipBlock:
cidr: 172.17.0.0/16
except:
- 172.17.1.0/24
- namespaceSelector:
matchLabels:
project: myproject
- podSelector:
matchLabels:
role: frontend
ports:
- protocol: TCP
port: 6379
egress:
- to:
- ipBlock:
cidr: 10.0.0.0/24
ports:
- protocol: TCP
port: 5978