Kubernetes | devops | ~30 mins

Ingress and egress rules in Kubernetes - Mini Project: Build & Apply

Ingress and Egress Rules in Kubernetes
📖 Scenario: You are managing a Kubernetes cluster for a small web application. You need to control which external IP addresses can access your application pods and which pods can communicate outside the cluster.
🎯 Goal: Learn how to create Kubernetes NetworkPolicy objects to define ingress and egress rules that allow or block traffic to and from pods.
📋 What You'll Learn
Create a NetworkPolicy YAML manifest with specific ingress and egress rules
Use pod selectors and IP blocks to control traffic
Apply the NetworkPolicy to a namespace
Verify the NetworkPolicy effects by describing it
💡 Why This Matters
🌍 Real World
NetworkPolicies are used in Kubernetes to secure pod communication by controlling which IPs or pods can talk to each other. This is like setting house rules for who can enter or leave your home.
💼 Career
Understanding and managing ingress and egress rules is essential for Kubernetes administrators and DevOps engineers to protect applications and comply with security policies.
1
Create a basic NetworkPolicy skeleton
Create a YAML file named networkpolicy.yaml containing a NetworkPolicy resource in the default namespace. Set metadata.name to allow-web-ingress. Include a spec that is empty apart from a podSelector selecting pods with the label app: web.
Hint: Start by defining the kind, metadata, and podSelector with the correct labels.

2
Add ingress rules to allow traffic from a specific IP block
In the spec section of networkpolicy.yaml, add an ingress rule that allows traffic only from the IP block 192.168.1.0/24. Use from with ipBlock specifying this CIDR.
Hint: Use ingress with a list containing from and ipBlock with the CIDR.

3
Add egress rules to allow pods to access external internet
In the spec section, add an egress rule that allows all traffic to 0.0.0.0/0. Use to with ipBlock specifying this CIDR. Also, set policyTypes to include both Ingress and Egress.
Hint: Remember to add egress with to and ipBlock for all IPs. Also add policyTypes with both Ingress and Egress.

4
Apply and verify the NetworkPolicy
Run the command kubectl apply -f networkpolicy.yaml to create the NetworkPolicy. Then run kubectl describe networkpolicy allow-web-ingress -n default to see the applied rules. Copy the output of the describe command exactly as it appears.
Hint: Run the commands exactly and copy the describe output. It shows the NetworkPolicy details.
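
The manifest that steps 1 to 3 build up, written out in full as an added example (not the tutorial's own answer file). The commented-out except list is a suggested tightening and an assumption, not part of the exercise.

```yaml
# networkpolicy.yaml (added example; apply with the kubectl commands from step 4)
# A NetworkPolicy is only enforced when the cluster's network plugin supports
# it; otherwise the object is accepted but has no effect on traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-ingress
  namespace: default
spec:
  # Step 1: the policy applies to pods labelled app=web in this namespace.
  podSelector:
    matchLabels:
      app: web
  # Step 3: listing both types isolates the selected pods in both directions,
  # so any traffic not matched by a rule below is dropped.
  policyTypes:
    - Ingress
    - Egress
  # Step 2: accept connections only from sources inside 192.168.1.0/24.
  # ipBlock matches the source address the node sees, so traffic that has been
  # NATed by a load balancer or proxy is matched on the rewritten address.
  ingress:
    - from:
        - ipBlock:
            cidr: 192.168.1.0/24
  # Step 3: allow egress to any IPv4 destination. 0.0.0.0/0 also covers
  # private and in-cluster addresses, not only the public internet.
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            # Suggested tightening (assumption, not part of the exercise):
            # exclude private ranges so the pods reach only public addresses.
            # In most clusters this also blocks cluster DNS, which then needs
            # its own egress rule.
            # except:
            #   - 10.0.0.0/8
            #   - 172.16.0.0/12
            #   - 192.168.0.0/16
```

Policies that select the same pods are additive, so a tighter egress rule only takes effect if no other policy on those pods still allows 0.0.0.0/0.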