KpuCko

Calico Network Policy - test

Sep 19th, 2025
  1. # Policy to allow ingress-nginx to access glance app specifically
  2. apiVersion: projectcalico.org/v3
  3. kind: NetworkPolicy
  4. metadata:
  5.   name: allow-ingress-to-glance
  6.   namespace: ma3x-glance
  7. spec:
  8.   selector: app == "glance"
  9.   types:
  10.    - Ingress
  11.   ingress:
  12.    # Allow traffic from ingress-nginx namespace
  13.     - action: Allow
  14.       protocol: TCP
  15.       source:
  16.         namespaceSelector: name == "ingress-nginx"
  17.       destination:
  18.         ports:
  19.          - 8080
  20.  
  21. ---
  22. # Allow glance app to make external requests (if needed)
  23. apiVersion: projectcalico.org/v3
  24. kind: NetworkPolicy
  25. metadata:
  26.   name: glance-egress
  27.   namespace: ma3x-glance
  28. spec:
  29.   selector: app == "glance"
  30.   types:
  31.    - Egress
  32.   egress:
  33.    # DNS resolution
  34.     - action: Allow
  35.       protocol: UDP
  36.       destination:
  37.         namespaceSelector: name == "kube-system"
  38.         selector: k8s-app == "kube-dns"
  39.         ports:
  40.          - 53
  41.     # External HTTP/HTTPS if your app needs it
  42.     - action: Allow
  43.       protocol: TCP
  44.       destination:
  45.         notNets:
  46.          - "10.0.0.0/8"
  47.           - "172.16.0.0/12"
  48.           - "192.168.0.0/16"
  49.         ports:
  50.          - 80
  51.           - 443
Tags: calico