kubernetes / website

Kubernetes website and documentation repo:
https://kubernetes.io
Creative Commons Attribution 4.0 International

Improvement for k8s.io/docs/concepts/services-networking/network-policies/ #48772

Open Ostromix opened 6 days ago

Ostromix commented 6 days ago

Need more examples!!! Remember, some people need exact ones in your documentation for cases like exam preparation and completion. Because in other cases it is moooooore convenient to use ChatGPT instead of the documentation, especially with such a lack of examples as in this part.

Can you just add some, like from ChatGPT?

Allow Traffic from Specific Pods

Permits traffic only from Pods with specific labels (e.g., app: frontend).

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
```

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-monitoring-namespace
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: monitoring
```

Allow External Internet Access

Allows Pods to access the internet for updates or external APIs.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-internet-access
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
```

Prevents traffic to sensitive subnets like a private network.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: block-sensitive-cidr
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 192.168.0.0/16
        except:
        -
```

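
How `ipBlock` `cidr` and `except` entries are evaluated, and how several egress policies selecting the same Pods combine, as an added example that is not part of the original comment or of the Kubernetes documentation. It is a simplified Python model (ipBlock peers only, no ports or selectors); the `except` value is cut off in the post, so the third policy and both test addresses are constructed.

```python
import ipaddress

def ipblock_allows(dest, cidr, excepts=()):
    """True when dest is inside cidr and outside every `except` range."""
    ip = ipaddress.ip_address(dest)
    if ip not in ipaddress.ip_network(cidr):
        return False
    return not any(ip in ipaddress.ip_network(e) for e in excepts)

def egress_allowed(dest, policies):
    """Simplified model: ipBlock peers only, no ports or selectors.

    `policies` holds the egress peers of every policy selecting the pod.
    No policy means the pod is not isolated and all egress passes.
    Otherwise rules are additive: one matching peer in any policy is enough.
    """
    if not policies:
        return True
    return any(ipblock_allows(dest, p["cidr"], p.get("except", ()))
               for peers in policies for p in peers)

# Peers modelled on the policies above; addresses are constructed samples.
ALLOW_INTERNET = [{"cidr": "0.0.0.0/0"}]       # allow-internet-access
ONLY_PRIVATE = [{"cidr": "192.168.0.0/16"}]    # an ipBlock with no except
INTERNET_EXCEPT_PRIVATE = [                     # constructed variant
    {"cidr": "0.0.0.0/0", "except": ["192.168.0.0/16"]}
]
PRIVATE, PUBLIC = "192.168.1.10", "203.0.113.7"

def demo():
    """Return (private allowed?, public allowed?) for each policy set."""
    cases = {
        "no_policy": [],
        "only_private": [ONLY_PRIVATE],
        "internet_except_private": [INTERNET_EXCEPT_PRIVATE],
        # Both policies select the same pods: the allow-all peer wins.
        "except_plus_allow_all": [INTERNET_EXCEPT_PRIVATE, ALLOW_INTERNET],
    }
    return {name: (egress_allowed(PRIVATE, pols), egress_allowed(PUBLIC, pols))
            for name, pols in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:26} private={result[0]!s:5} public={result[1]}")
```

The last case is the one to check in a real namespace: an `except` carve-out has no effect once another policy selecting the same Pods allows `0.0.0.0/0` without it.
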
k8s-ci-robot commented 6 days ago

This issue is currently awaiting triage.

SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

sftim commented 6 days ago

Would anyone like to write a NetworkPolicy tutorial?

@Ostromix if the answer turns out to be "no" (nobody volunteers), then it won't get written. Maybe you'd like to help?

sftim commented 6 days ago

/language en

iheartNathan commented 4 days ago

> Would anyone like to write a NetworkPolicy tutorial?

@sftim to confirm, is this about creating a new tutorial for network policy or adding more examples in the existing documentation?

iheartNathan commented 4 days ago

/assign

iheartNathan commented 3 days ago

/assign