2nd chunk of `content/en/blog/_posts/2017-10-00-Enforcing-Network-Policies-In-Kubernetes.md`
![](https://lh4.googleusercontent.com/e8JzhKYICOzh44sHcedjt4IRRpw2zpFNbJ2UY83fBdWYCIvFVSlHJNmIwLzIHVxrScc2eNCyv37mm903TVT9VkMuHPxe_5Hk8CvJTqGsSK7WtEDCbn1Q25S-o_kHcEiKUUl1NV9g)


To achieve this setup, create a NetworkPolicy with the following manifest:  


```
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: access-nginx
spec:
  podSelector:
    matchLabels:
      app: nginx
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: foo
```


Once you apply this configuration, only pods with label **app: foo** can talk to the pods with the label **app: nginx**. For a more detailed tutorial, see the [Kubernetes documentation](/docs/tasks/administer-cluster/declare-network-policy/).  


## Example: restricting traffic between all pods by default
If you specify the `spec.podSelector` field as empty, the network policy matches all pods in the namespace, blocking all traffic between pods by default. In this case, you must explicitly create network policies whitelisting all communication between the pods.  

 ![](https://lh6.googleusercontent.com/FYmu74F7fW7DabtzBd6PULsgzKz0WmCli2Sw0SW8zVr0U7m-P6eGvov0mZGv9ngxncGXJmPxzapL3yQXXSBKTHsI8zw5kh-2hqzK6fW7YuqU6X5ofb5ilbis2KUJ2HvF3IHXsMcK)
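The effect of an empty `spec.podSelector`, shown as an added example that is not part of the original post: a simplified Python model of how ingress is decided between pods in one namespace. It models only `podSelector.matchLabels`; the `default-deny` policy name and the `app: bar` pod are constructed for illustration.

```python
# Simplified model of NetworkPolicy ingress evaluation inside one namespace.
# Assumption: only podSelector.matchLabels is modelled (no matchExpressions,
# namespaceSelector, ipBlock, ports or egress rules).

def selects(selector, labels):
    """An empty selector ({}) matches every pod; otherwise every label must match."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(key) == value for key, value in wanted.items())

def ingress_allowed(policies, src_labels, dst_labels):
    """Return True if traffic from the source pod to the destination pod is permitted."""
    applicable = [p for p in policies
                  if selects(p["spec"].get("podSelector"), dst_labels)]
    if not applicable:
        return True  # no policy selects the destination, so it is not isolated
    for policy in applicable:  # policies are additive: any matching rule allows
        for rule in policy["spec"].get("ingress", []):
            peers = rule.get("from")
            if not peers:
                return True  # a rule without "from" admits every source
            if any(selects(peer["podSelector"], src_labels)
                   for peer in peers if "podSelector" in peer):
                return True
    return False  # isolated and no rule admits this source

# The access-nginx policy from the manifest above, as a Python dict.
ACCESS_NGINX = {
    "metadata": {"name": "access-nginx"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "nginx"}},
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "foo"}}}]}],
    },
}
# Constructed policy: empty podSelector and no ingress rules (name is hypothetical).
DEFAULT_DENY = {"metadata": {"name": "default-deny"}, "spec": {"podSelector": {}}}

# Constructed pods; "bar" stands for any pod that no policy mentions.
NGINX, FOO, BAR = {"app": "nginx"}, {"app": "foo"}, {"app": "bar"}

if __name__ == "__main__":
    for name, policies in [("access-nginx only", [ACCESS_NGINX]),
                           ("default-deny only", [DEFAULT_DENY]),
                           ("both", [DEFAULT_DENY, ACCESS_NGINX])]:
        print(name,
              "foo->nginx:", ingress_allowed(policies, FOO, NGINX),
              "bar->nginx:", ingress_allowed(policies, BAR, NGINX),
              "bar->foo:", ingress_allowed(policies, BAR, FOO))
```

With only `access-nginx` applied, pods other than **app: nginx** remain reachable from anywhere; adding the empty-selector policy isolates every pod, and the **app: foo** to **app: nginx** path keeps working because policies are additive.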

Title: Examples of Network Policy Configuration
Summary
The document provides examples of how to configure network policies in Kubernetes. One example shows how to restrict traffic to a pod, allowing only pods with the label 'app: foo' to communicate with pods labeled 'app: nginx'. The other example demonstrates restricting traffic between all pods by default, requiring explicit whitelisting of communication.