A collection of ready-to-use Kubernetes Network Policy YAML recipes to secure and control pod-to-pod and external traffic in Kubernetes clusters.
Example recipes for Kubernetes Network Policies that you can just copy and paste.
This tool is designed for Kubernetes administrators and DevOps engineers who want to implement network segmentation and traffic control within their clusters using Network Policies. It provides practical, copy-paste examples to quickly apply ingress and egress firewall rules to pods and namespaces, enhancing cluster network security and compliance.
Applying Network Policies to an existing cluster without prior testing can disrupt networking; it is recommended to start with a new cluster or to test policies carefully in a staging environment. Network Policies are additive and deny-by-default: once any policy selects a pod, traffic in that direction is denied unless some policy allows it, and the allowed set is the union of all policies selecting that pod. Ensure your policies collectively cover all required traffic flows. Familiarity with Kubernetes namespaces and pod selectors is essential for effective use.
Create a new Kubernetes cluster (Google Kubernetes Engine is recommended for easy Network Policy support)
Clone the repository to your local machine
Review the example YAML files relevant to your use case
Apply the desired NetworkPolicy YAML files to your cluster using kubectl
Test and verify network restrictions as per the applied policies
kubectl apply -f 01-deny-all-traffic-to-an-application.yaml
Apply a NetworkPolicy that denies all traffic to a specific application.
kubectl apply -f 02-limit-traffic-to-an-application.yaml
Apply a NetworkPolicy that limits ingress traffic to an application.
kubectl apply -f 08-allow-external-traffic.yaml
Apply a NetworkPolicy that allows traffic from external clients.
kubectl apply -f 11-deny-egress-traffic-from-an-application.yaml
Apply a NetworkPolicy that denies all outbound traffic from an application.
kubectl apply -f 03-deny-all-non-whitelisted-traffic-in-the-namespace.yaml
Apply a NetworkPolicy to deny all non-whitelisted traffic within a namespace.
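To illustrate the additive, deny-by-default behaviour described above, here is an added example (written for this page, not copied from the repository's files) in the spirit of the deny-all and limit-traffic recipes. The namespace `demo`, the labels `app: web` and `role: frontend`, the policy names and port 8080 are all assumptions.

```yaml
# Added example. Namespace, labels, names and port are assumed values.
# Policy 1: selects app=web pods and lists no ingress rules, so all inbound
# traffic to those pods is dropped. Pods that no policy selects stay open.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-deny-all-ingress
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
  ingress: []
---
# Policy 2: same pod selector, one allow rule. With both policies applied,
# the union takes effect: only role=frontend pods in the same namespace can
# reach app=web on TCP 8080. All other inbound traffic is still denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-frontend
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend
      ports:
        - protocol: TCP
          port: 8080
```

Both policies list only `Ingress` under `policyTypes`, so outbound traffic from the `app: web` pods is unaffected; restricting it requires a separate policy with `Egress`. Policies are only enforced when the cluster's network plugin supports NetworkPolicy.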