kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #847 from matthewdupre/network-policy-hyphen 

Correct hyphenation of net.beta.kubernetes.io/network-policy
pull/910/head
Brian Grant 2016-07-25 21:57:46 -07:00 committed by GitHub
parent 5407cc0cde ef8005c112
commit a899c21d0c
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/user-guide/networkpolicies.md
View File

@ -15,13 +15,13 @@ You must enable the `extensions/v1beta1/networkpolicies` runtime config in your
You must also be using a networking solution which supports `NetworkPolicy` - simply creating the
resource without a controller to implement it will have no effect.
## Configuring Namespace Isolation Policy
## Configuring Namespace Isolation Policy
Isolation can be configured on a per-namespace basis. Once isolation is configured on a namespace it will be applied to all pods in that namespace. Currently, only isolation policy on inbound traffic (ingress) can be defined.
The following ingress isolation types being supported:
The following ingress isolation types being supported:
- `DefaultDeny`: Pods in the namespace will be inaccessible from any source except the pod's local node.
- `DefaultDeny`: Pods in the namespace will be inaccessible from any source except the pod's local node.
Ingress isolation can be enabled using an annotation on the Namespace.
@ -41,7 +41,7 @@ metadata:
To configure the annotation via `kubectl`:
```shell{% raw %}
kubectl annotate ns <namespace> "net.beta.kubernetes.io/networkpolicy={\"ingress\": {\"isolation\": \"DefaultDeny\"}}"
kubectl annotate ns <namespace> "net.beta.kubernetes.io/network-policy={\"ingress\": {\"isolation\": \"DefaultDeny\"}}"
{% endraw %}```
## The `NetworkPolicy` Resource
@ -75,6 +75,6 @@ __Mandatory Fields__: As with all other Kubernetes config, a `NetworkPolicy` nee
__spec__: `NetworkPolicy` [spec](https://github.com/kubernetes/kubernetes/tree/{{page.githubbranch}}/docs/devel/api-conventions.md#spec-and-status) has all the information needed to define a network isolation policy in the deployed controller.
__podSelector__: Each `NetworkPolicy` includes a `podSelector` which selects the grouping of pods to which the `ingress` rules in the policy apply.
__podSelector__: Each `NetworkPolicy` includes a `podSelector` which selects the grouping of pods to which the `ingress` rules in the policy apply.
__ingress__: Each `NetworkPolicy` includes a list of whitelist `ingress` rules. Each rule allows traffic which matches both the `from` and `ports` sections.
__ingress__: Each `NetworkPolicy` includes a list of whitelist `ingress` rules. Each rule allows traffic which matches both the `from` and `ports` sections.