Update weave-network-policy.md (#4683)

* Update weave-network-policy.md

add weavenet networkpolicy example

* Edits from zacharysarah

* Merge branch 'master' into patch-10

* Merge branch 'patch-10' of github.com:dengyi1996/kubernetes.github.io into patch-10

* Merge branch 'master' into patch-10
reviewable/pr4684/r1^2
dengyi1996 2017-08-09 13:49:09 +08:00 committed by Zachary Corleissen
parent 36c4ea8923
commit 627ff5d40a
1 changed files with 81 additions and 1 deletions

@ -26,9 +26,89 @@ The Weave Net Addon for Kubernetes comes with a [Network Policy Controller](http
{% endcapture %}
{% capture example %}
## Namespace isolation example
1. Create a namespace with `DefaultDeny`.
```yaml
kind: Namespace
apiVersion: v1
metadata:
name: myns
annotations:
net.beta.kubernetes.io/network-policy: |
{
"ingress": {
"isolation": "DefaultDeny"
}
}
```
2. Create 2 pods inside this namespace.
```yaml
kind: Pod
apiVersion: v1
metadata:
name: pod1
namespace: myns
labels:
inns: "yes"
spec:
containers:
- name: pod1
image: nginx
---
kind: Pod
apiVersion: v1
metadata:
name: pod2
namespace: myns
labels:
inns: "yes"
spec:
containers:
- name: pod2
image: nginx
```
3. Get the IP addresses of the pods.
```shell
kubectl get po -n myns -o wide
```
**Note:** If your cURL requests to pods are forbidden, try making cURL requests to other pods from within a pod.
{: .note}
4. Create a Kubernetes NetworkPolicy that allows pods within the same namespace to connect with each other.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: aaa
namespace: myns
spec:
podSelector:
matchExpressions:
- {key: inns, operator: In, values: ["yes"]}
ingress:
- from:
- podSelector:
matchExpressions:
- {key: inns, operator: In, values: ["yes"]}
```
**Caution:** After applying the network policy, pods outside the namespace you specify may be unable to connect with pods inside the namespace.
{. :caution}
{% endcapture %}
{% capture whatsnext %}
Once you have installed the Weave Net Addon you can follow the [NetworkPolicy getting started guide](/docs/getting-started-guides/network-policy/walkthrough) to try out Kubernetes NetworkPolicy.
Once you have installed the Weave Net addon, you can follow the [NetworkPolicy getting started guide](/docs/getting-started-guides/network-policy/walkthrough) to try out Kubernetes NetworkPolicy.
{% endcapture %}
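
Review bot: The marker after the caution paragraph reads `{. :caution}`, which does not match the `{: .note}` form used after step 3; it should be `{: .caution}` so the paragraph gets the intended styling. Two points on the example itself: step 1 isolates the namespace with the `net.beta.kubernetes.io/network-policy` annotation while step 4 uses a `networking.k8s.io/v1` NetworkPolicy, so the page should say which Kubernetes version the example targets, or use one mechanism for both steps. The note in step 3 refers to cURL requests that no step has asked the reader to run; an explicit check before and after step 4 (a request from pod1 to pod2's IP, expected to fail under `DefaultDeny` and succeed once the policy is applied) would let readers confirm that isolation is actually enforced. The policy name `aaa` would also read better as something descriptive of what it allows.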