A network policy lets you control traffic flow to your application at the port level. Wayfinder can generate both an Ingress resource and a network policy for you through the Wayfinder UI. To do that, see the instructions in Expose your Application via Ingress.
This topic gives instructions for manually creating and applying a network policy for your application. If you follow the steps in this topic, you must also create and apply an Ingress resource for your application.
For more information, see the Kubernetes documentation for:
Wayfinder's default network policy
By default, Wayfinder deploys a default-denial-ingress network policy into each namespace. This forbids ingress traffic for any deployed applications:
Create a new network policy
To enable your application to receive traffic from the Ingress controllers that Wayfinder manages, you must allow traffic from the wf-ingress namespace for the service port or ports your application is using.
In this example procedure, let's assume that your application:
- is deployed into the namespace
- has pods with label
- has a myapp service object that defines the
To create a new network policy:
Create the following
- protocol: TCP
Apply the network policy.
$ kubectl -n bob apply -f app_network_policy.yaml
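
A manifest of the kind this procedure describes, shown as an added example rather than Wayfinder's own file. The policy name, the pod label `app: myapp` and port 8080 are assumptions, and the namespace selector assumes the cluster sets the standard `kubernetes.io/metadata.name` label on namespaces.

```yaml
# app_network_policy.yaml (added example; values marked "assumed" are not from this page)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: myapp-allow-wf-ingress   # assumed policy name
  namespace: bob                 # namespace used in the kubectl command above
spec:
  # Select only the application's pods. An empty podSelector ({}) would
  # apply the allow rule to every pod in the namespace.
  podSelector:
    matchLabels:
      app: myapp                 # assumed pod label
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Allow only sources in the wf-ingress namespace, matched by the
        # label Kubernetes sets automatically on each namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: wf-ingress
      ports:
        # Network policy ports are matched against the pod's port, so use
        # the port the myapp service forwards to on the pods.
        - protocol: TCP
          port: 8080             # assumed port
```

Network policies are additive, so this rule coexists with the default-denial-ingress policy: only traffic from wf-ingress to the selected pods on the listed port is admitted, and all other ingress to the namespace stays blocked.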