kubectl config use-context cluster5-admin@cluster5
# vim 21_deny.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-ingress
namespace: prod-db
spec:
podSelector: {}
policyTypes:
- Ingress
# vim 21_allow.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-policy
namespace: prod-db
spec:
podSelector:
matchLabels: {}
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
name: prod
- namespaceSelector:
matchLabels:
name: stage
podSelector:
matchLabels:
role: db-connect
- podSelector:
matchLabels:
role: db-external-connect
namespaceSelector: {}