Azure · jaer-tsun · Jan 3, 2020 · Dec 20, 2019 · Dec 20, 2019 · Jan 3, 2020
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Egress
+  podSelector:
+    matchLabels:
+      app: "backend"
+  egress:
+    - {}
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  ingress:
+    - from:
+        - namespaceSelector: {}
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-to-app-frontend
+  namespace: testnamespace
+spec:
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  ingress:
+    - {}
+  policyTypes:
+    - Ingress
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-backend-to-frontend-on-port-8000-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: frontend
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app: backend
+      ports:
+        - port: 8000
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-backend-to-frontend-on-port-53-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Egress
+  podSelector:
+    matchLabels:
+      app: frontend
+  egress:
+    - ports:
+        - protocol: TCP
+          port: 53
+        - protocol: UDP
+          port: 53
+    - to:
+        - namespaceSelector: {}
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  podSelector:
+    matchLabels:
+      app: "backend"
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app: frontend
+  policyTypes:
+    - Ingress
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-backdoor-policy
+  namespace: dangerous
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "backdoor"
+  ingress:
+    - from: []
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-multiple-labels-to-multiple-labels
+  namespace: acn
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: k8s
+      team: aks
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              program: cni
+              team: acn
+        - podSelector:
+            matchLabels:
+              binary: cns
+              group: container
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app: backend
+          namespaceSelector:
+            matchLabels:
+              ns: dev
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-ns-dev-to-app-frontend
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              namespace: "dev"
+            matchExpressions:
+              - key: namespace
+                operator: NotIn
+                values:
+                  - test0
+                  - test1
@@ -0,0 +1,15 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels: {}
@@ -0,0 +1,34 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: k8s-example-policy
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      role: db
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - from:
+        - ipBlock:
+            cidr: 172.17.0.0/16
+            except:
+              - 172.17.1.0/24
+        - namespaceSelector:
+            matchLabels:
+              project: myproject
+        - podSelector:
+            matchLabels:
+              role: frontend
+      ports:
+        - protocol: TCP
+          port: 6379
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 10.0.0.0/24
+      ports:
+        - protocol: TCP
+          port: 5978
@@ -0,0 +1,11 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Egress
+  podSelector:
+    matchLabels:
+      app: "backend"
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: unsafe
+spec:
+  policyTypes:
+    - Egress
+  podSelector: {}
+  egress: []
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector: {}
+  ingress: []
@@ -0,0 +1,11 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  podSelector:
+    matchLabels:
+      app: "frontend"
+  policyTypes:
+    - Ingress
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-all-policy
+  namespace: testnamespace
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      app: "frontend"
+    matchExpressions:
+      - key: k0
+        operator: DoesNotExist
+        values: []
+      - key: k1
+        operator: In
+        values:
+          - v0
+          - v1
+  ingress:
+    - from:
+        - namespaceSelector: {}