1
There are existing Pods in Namespace space1 and space2 .
We need a new NetworkPolicy named np that restricts all Pods in Namespace space1 to only have outgoing traffic to Pods in Namespace space2 . Incoming traffic not affected.
The NetworkPolicy should still allow outgoing DNS traffic on port 53 TCP and UDP.
정답
- restricts all Pods in Namespace space1 to only have outgoing traffic to Pods in Namespace space2"라고 되어 있어서 나가는 트래픽을 제한하는 것 -> 그래서 to를 사용, space1 네임스페이스의 Pod들이 space2 네임스페이스의 Pod들로만 트래픽을 보내도록 설정
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: np
namespace: space1
spec:
policyTypes:
- Egress
egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: space2
- ports:
- protocol: TCP
port: 53
- protocol: UDP
port: 53