Commit f423ff1

update network policies
1 parent c0c4564 commit f423ff1

1 file changed

+29
-4
lines changed

content/en/docs/concepts/services-networking/network-policies.md

Lines changed: 29 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -151,11 +151,19 @@ should be allowed as ingress sources or egress destinations.
151151
ingress sources or egress destinations.
152152

153153
**namespaceSelector** *and* **podSelector**: A single `to`/`from` entry that specifies both
154-
`namespaceSelector` and `podSelector` selects particular Pods within particular namespaces. Be
154+
`namespaceSelector` and `podSelector`. It selects particular Pods within particular namespaces. Be
155155
careful to use correct YAML syntax. For example:
156156

157157
```yaml
158158
...
159+
egress:
160+
- to:
161+
- namespaceSelector:
162+
matchLabels:
163+
user: bob
164+
podSelector:
165+
matchLabels:
166+
role: server
159167
ingress:
160168
- from:
161169
- namespaceSelector:
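Review bot: The rewritten sentence at new line 154 leaves the first half without a verb: "A single `to`/`from` entry that specifies both `namespaceSelector` and `podSelector`." is now a fragment, and the following "It selects ..." has to carry the meaning alone. Keep the original single sentence ("... `namespaceSelector` and `podSelector` selects particular Pods within particular namespaces.") or rephrase so the first sentence is complete. The added `egress` block itself mirrors the `ingress` example and matches the `to`/`from` wording of the heading, so readers can compare both directions; since the whole point of this passage is that one `-` changes the policy from an AND to an OR, it would help to say in the sentence before the example that `podSelector` has no leading `-` here.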
@@ -167,11 +175,24 @@ careful to use correct YAML syntax. For example:
167175
...
168176
```
169177

170-
This policy contains a single `from` element allowing connections from Pods with the label
171-
`role=client` in namespaces with the label `user=alice`. But the following policy is different:
178+
This policy contains a single `to` and `from` element.
179+
- The `to` element allows outgoing connections to Pods with the label
180+
`role=server`, *and* in namespaces with the label `user=bob`.
181+
- The `from` element allows incoming connections from Pods with the label
182+
`role=client`, *and* in namespaces with the label `user=alice`.
183+
184+
But the following policy is different:
172185

173186
```yaml
174187
...
188+
egress:
189+
- to:
190+
- namespaceSelector:
191+
matchLabels:
192+
user: bob
193+
- podSelector:
194+
matchLabels:
195+
role: server
175196
ingress:
176197
- from:
177198
- namespaceSelector:
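Review bot: New line 178, "This policy contains a single `to` and `from` element", reads as if one element were shared by both arrays, while the example has one element in each of `to` and `from`. Suggest "The `to` and `from` arrays in this policy each contain a single element." In the bullets at new lines 179 to 182, the comma before "*and* in namespaces" makes the namespace condition look like a separate clause; "Pods with the label `role=server` in namespaces with the label `user=bob`" (and likewise for `role=client` / `user=alice`) states the combined match more directly. The second YAML example differs from the first only by the `-` in front of `podSelector` at new line 193, so a short comment or sentence pointing at that line would make the contrast harder to miss.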
@@ -183,7 +204,11 @@ This policy contains a single `from` element allowing connections from Pods with
183204
...
184205
```
185206

186-
It contains two elements in the `from` array, and allows connections from Pods in the local
207+
It contains two elements in the `to` and `from` array.
208+
- The `to` array allows outgoing connections to Pods in the local
209+
Namespace with the label `role=server`, *or* from any Pod in any namespace with the label
210+
`user=bob`.
211+
- The `from` array allows incoming connections from Pods in the local
187212
Namespace with the label `role=client`, *or* from any Pod in any namespace with the label
188213
`user=alice`.
189214
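Review bot: The `to` bullet at new lines 208 to 210 describes egress but says "*or* from any Pod in any namespace with the label `user=bob`"; for outgoing connections this should read "to any Pod", otherwise the text describes the wrong traffic direction for the rule. New line 207 should also say "arrays" and make clear that each array has two elements, for example "The `to` and `from` arrays each contain two elements." In both bullets the phrase "any namespace with the label" is easy to misread as a Pod label; since `user=bob` and `user=alice` are matched by `namespaceSelector`, wording such as "any Pod in a namespace labelled `user=bob`" would make it explicit that this form opens the rule to every Pod in those namespaces.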
