Skip to content
Browse files

Update (#17335)

* Update

Add explanation of policy evaluation order from kubernetes/kubernetes#75435

* edit text in
  • Loading branch information...
sdarwin authored and k8s-ci-robot committed Nov 4, 2019
1 parent 24edeac commit 445020674e0892d9fbd2c70bb2f6f38b0f4c04bd
Showing with 2 additions and 0 deletions.
  1. +2 −0 content/en/docs/concepts/services-networking/
@@ -28,6 +28,8 @@ By default, pods are non-isolated; they accept traffic from any source.

Pods become isolated by having a NetworkPolicy that selects them. Once there is any NetworkPolicy in a namespace selecting a particular pod, that pod will reject any connections that are not allowed by any NetworkPolicy. (Other pods in the namespace that are not selected by any NetworkPolicy will continue to accept all traffic.)

Network policies do not conflict, they are additive. If any policy or policies select a pod, the pod is restricted to what is allowed by the union of those policies' ingress/egress rules. Thus, order of evaluation does not affect the policy result.

## The `NetworkPolicy` Resource

See the [NetworkPolicy](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#networkpolicy-v1-networking-k8s-io) for a full definition of the resource.

0 comments on commit 4450206

Please sign in to comment.
You can’t perform that action at this time.