You start with an empty policy that does not restrict or allow anything. By default, all traffic for all pods is allowed in Kubernetes.
The box in the middle represents a podSelector; it selects pods in a namespace to apply policy rules. The pictured podSelector is set to an empty selector. Leave it like this to select all pods in a namespace, or change it to define a more specific subset of pods using labels.
The boxes on the left and right represent a visual grouping of network policy rules for ingress and egress traffic, respectively. Use the [+] icon on each box to add policy rules, and mouse over the rules to learn more.
Start by following the tutorial located on the right bottom corner.
您从没有限制或不允许任何内容的空策略开始。 默认情况下,Kubernetes允许所有Pod的所有流量。
中间的框代表podSelector; 它选择名称空间中的Pod以应用策略规则。 如图所示的podSelector设置为空选择器。 保持这种状态以选择名称空间中的所有Pod,或更改它以使用标签定义Pod的更具体的子集。
左侧和右侧的框分别代表用于入口和出口流量的网络策略规则的可视分组。 使用每个框上的[+]图标添加策略规则,并将鼠标悬停在规则上以了解更多信息。
首先按照右下角的教程进行操作。
