4th chunk of `content/en/blog/_posts/2017-10-00-Enforcing-Network-Policies-In-Kubernetes.md`

You can enable a policy like this by applying the following manifest in your Kubernetes cluster:  


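```
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  # An empty selector matches every pod in the namespace. With no ingress
  # rules listed, no inbound traffic to those pods is allowed.
  podSelector: {}
```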



## Other Network Policy features
In addition to the previous examples, you can make the Network Policy API enforce more complicated rules:



- Egress network policies: Introduced in Kubernetes 1.8, these let you restrict your workloads from establishing connections to resources outside specified IP ranges.
- IP blocks support: In addition to using `podSelector`/`namespaceSelector`, you can specify IP ranges with CIDR blocks to allow/deny traffic in ingress or egress rules.
- Cross-namespace policies: Using the `ingress.namespaceSelector` field, you can enforce Network Policies for particular namespaces or for all namespaces in the cluster. For example, you can create privileged/system namespaces that can communicate with pods even though the default policy is to block traffic.
- Restricting traffic to port numbers: Using the `ingress.ports` field, you can specify port numbers for the policy to enforce. If you omit this field, the policy matches all ports by default. For example, you can use this to allow a monitoring pod to query only the monitoring port number of an application.
- Multiple ingress rules on a single policy: Because the `spec.ingress` field is an array, you can use the same NetworkPolicy object to give access to different ports using different pod selectors. For example, a NetworkPolicy can have one ingress rule giving pods with the `kind: monitoring` label access to port 9000, and another ingress rule for the label `app: foo` giving access to port 80, without creating an additional NetworkPolicy resource.
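
The manifest below is an added example, not part of the original post. It combines the multiple-ingress-rule case from the last item with port restrictions and an egress `ipBlock`. The policy name, the `app: web` target label and the CIDR values are assumptions made for illustration.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-multi-rule            # hypothetical name
spec:
  podSelector:
    matchLabels:
      app: web                    # hypothetical label on the pods being protected
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Entries in the ingress array are ORed; inside one entry, "from" and
  # "ports" are ANDed. Keeping the two sources in separate entries is what
  # stops monitoring pods from reaching port 80 and app: foo pods from
  # reaching port 9000.
  - from:
    - podSelector:
        matchLabels:
          kind: monitoring
    ports:
    - protocol: TCP
      port: 9000
  - from:
    - podSelector:
        matchLabels:
          app: foo
    ports:
    - protocol: TCP
      port: 80
  egress:
  # Outbound connections are limited to one CIDR block, minus a carved-out
  # subnet. Both ranges are constructed values.
  - to:
    - ipBlock:
        cidr: 10.0.0.0/16
        except:
        - 10.0.5.0/24
```

Because `Egress` is listed in `policyTypes`, any destination outside the allowed CIDR is blocked for the selected pods, including DNS resolvers that sit outside that range.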

## Learn more

- Read more: [Networking Policy documentation](/docs/concepts/services-networking/network-policies/)
- Read more: [Unofficial Network Policy Guide](https://ahmet.im/blog/kubernetes-network-policy/)
- Hands-on: [Declare a Network Policy](/docs/tasks/administer-cluster/declare-network-policy/)
- Try: [Network Policy Recipes](https://github.com/ahmetb/kubernetes-networkpolicy-tutorial)

Title: Advanced Network Policy Features in Kubernetes
Summary
The text describes various advanced features of Kubernetes Network Policies, including egress policies, IP block support, cross-namespace policies, port restrictions, and multiple ingress rules within a single policy. It also provides links to further documentation, guides, hands-on tutorials, and recipe examples for learning more about Network Policies.