A network policy lets you control traffic flow to your application at the port level. Kore can generate both an Ingress resource and a network policy for you through the Kore UI. To do that, see the instructions in Expose your Application via Ingress.
This topic gives instructions for manually creating and applying a network policy for your application. If you follow the steps in this topic, you must also create and apply an Ingress resource for your application.
For more information, see the Kubernetes documentation for:
By default Kore deploys a
default-denial-ingress network policy into each namespace. This forbids ingress traffic for any deployed applications:
To enable your application to receive traffic from the Ingress controllers that Kore manages, you must allow traffic from the
kore-ingress namespace for the service port or ports your application is using.
In this example procedure, let's assume that your application:
- is deployed into the namespace
- has pods with label
- has a
myappserviceobject that defines the
To create a new network policy:
Create the following
app_network_policy.yamlapiVersion: networking.k8s.io/v1kind: NetworkPolicymetadata:name: myappservice-ingressnamespace: bobspec:ingress:- ports:- protocol: TCPport: 8443from:- namespaceSelector:matchLabels:name: kore-ingresspodSelector:matchLabels:name: "myapp"policyTypes:- Ingress
Apply the network policy.$ kubectl -n bob apply -f app_network_policy.yaml