kubernetes network policy

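  • by default, a Kubernetes pod accepts all traffic from all origins
  • we can use a NetworkPolicy to restrict access; once a policy selects a pod, only the traffic its rules allow is accepted in that direction
    • egress: outgoing traffic
    • ingress: incoming traffic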

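---
# Allow ingress to the pods labelled app=review and role=api only from
# pods labelled app=frontend.
#
# Points to check before relying on this policy:
# - metadata.namespace is not set, so the policy is created in whichever
#   namespace is selected when the manifest is applied.
# - The `from` entry has a podSelector but no namespaceSelector, so it
#   matches frontend pods in the policy's own namespace only.
# - No `ports` list is given, so the allowed frontend pods can reach
#   every port on the selected pods; add `ports` to narrow this.
# - The policy is enforced only when the cluster's network plugin
#   implements NetworkPolicy; otherwise it is accepted but has no effect.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow
spec:
  podSelector:
    matchLabels:
      app: review
      role: api
  # Stated explicitly: only ingress is restricted, egress from the
  # selected pods is left as it was.
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend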
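---
# Deny ingress that originates outside the my-project namespace: every
# pod in my-project accepts traffic only from pods in my-project.
#
# The document-start marker above is required. Without it this manifest
# and the preceding one form a single YAML document with duplicate
# apiVersion/kind/metadata/spec keys, and most parsers silently keep
# only the last value of each.
#
# The policy is enforced only when the cluster's network plugin
# implements NetworkPolicy. Policies are additive, so any other policy
# in this namespace that allows cross-namespace ingress to a pod still
# applies to that pod.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: my-project
  name: deny-from-other-namespaces
spec:
  # Empty selector: the policy applies to every pod in the namespace.
  # Written as {} instead of a bare `matchLabels:` (which parses as null).
  podSelector: {}
  # Stated explicitly: egress is not restricted by this policy.
  policyTypes:
    - Ingress
  ingress:
    - from:
        # An empty podSelector with no namespaceSelector matches all
        # pods in the policy's own namespace and none from any other.
        - podSelector: {}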