mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
46 lines
1.5 KiB
Plaintext
46 lines
1.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/network_security/network_policy/creating-network-policy.adoc
|
|
// * networking/network_security/network_policy/viewing-network-policy.adoc
|
|
// * networking/network_security/network_policy/editing-network-policy.adoc
|
|
// * post_installation_configuration/network-configuration.adoc
|
|
// * microshift_networking/microshift-creating-network-policy.adoc
|
|
// * microshift_networking/microshift-network-policy/microshift-editing-network-policy.adoc
|
|
|
|
:_mod-docs-content-type: REFERENCE
|
|
[id="nw-networkpolicy-object_{context}"]
|
|
= Example NetworkPolicy object
|
|
|
|
[role="_abstract"]
|
|
The following configuration annotates an example NetworkPolicy object:
|
|
|
|
[source,yaml]
|
|
----
|
|
kind: NetworkPolicy
|
|
apiVersion: networking.k8s.io/v1
|
|
metadata:
|
|
name: allow-27107
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app: mongodb
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
app: app
|
|
ports:
|
|
- protocol: TCP
|
|
port: 27017
|
|
----
|
|
|
|
where:
|
|
|
|
`name`:: The name of the NetworkPolicy object.
|
|
`spec.podSelector`:: A selector that describes the pods to which the policy applies.
|
|
ifndef::microshift[]
|
|
The policy object can only select pods in the project that defines the NetworkPolicy object.
|
|
endif::microshift[]
|
|
`ingress.from.podSelector`:: A selector that matches the pods from which the policy object allows ingress traffic. The selector matches pods in the same namespace as the NetworkPolicy.
|
|
`ingress.ports`:: A list of one or more destination ports on which to accept traffic.
|