
Kubernetes NetworkPolicy Generator

The Kubernetes NetworkPolicy Generator creates strict ingress and egress firewall rules. It isolates namespace traffic and secures internal microservice communication.

How it Works

1. Target Pods - Define which pods the policy applies to using label selectors.

2. Define Ingress - Specify exactly which pods or namespaces are allowed to send traffic to the target.

3. Define Egress - Restrict outbound traffic to specific IP blocks or internal services.

4. Generate YAML - Export the networking.k8s.io/v1 manifest.

Best Practices

Zero-trust architecture requires explicit ingress/egress rules mapping pod communication paths.

Default State - Default-deny all ingress, instead of allow-all traffic.

Selectors - Strict pod-to-pod label matching, instead of broad namespace rules.

Egress - Blocked external traffic, instead of unrestricted internet access.

Example Output

Here is a real generated snippet matching the production best practices above:

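apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}   # empty selector: applies to every pod in the namespace
  policyTypes:
    - Ingress       # no ingress rules are listed, so all inbound traffic is denied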

Advanced Configuration Logic

By default, all pods in a Kubernetes cluster can communicate with each other freely. This violates zero-trust principles: a compromised frontend pod can directly attack a backend database. NetworkPolicies act as a cluster-internal firewall. However, the YAML syntax for podSelector and namespaceSelector is easy to get wrong: placing both selectors in a single array entry versus listing them as separate entries fundamentally changes the firewall logic (AND vs OR). Our generator explicitly structures these arrays, guaranteeing absolute network isolation and zero-trust compliance.
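The AND vs OR difference described above, as an added example (not the generator's own code): a simplified Python model of how ingress `from` entries are matched, run against constructed source pods. The namespace names, labels and the `db` policy namespace are assumptions made for illustration, and only matchLabels is modelled.

```python
# Added example: simplified model of NetworkPolicy ingress peer matching.
# Supports matchLabels only (no matchExpressions, no ipBlock). All names are constructed.

def labels_match(selector, labels):
    # {} selects everything; otherwise every matchLabels pair must be present.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_allows(peer, policy_ns, src):
    # Selectors inside ONE `from` entry are ANDed.
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None and pod_sel is None:
        return False  # e.g. an ipBlock-only peer, outside this model
    if ns_sel is None:
        ns_ok = src["namespace"] == policy_ns  # podSelector alone: policy's own namespace
    else:
        ns_ok = labels_match(ns_sel, src["ns_labels"])
    pod_ok = pod_sel is None or labels_match(pod_sel, src["pod_labels"])
    return ns_ok and pod_ok

def ingress_allows(peers, policy_ns, src):
    # Separate `from` entries are ORed.
    return any(peer_allows(p, policy_ns, src) for p in peers)

NS_SEL = {"matchLabels": {"team": "payments"}}
POD_SEL = {"matchLabels": {"app": "api"}}

# YAML:  - namespaceSelector: {...}
#          podSelector: {...}         (one list item: AND)
AND_PEERS = [{"namespaceSelector": NS_SEL, "podSelector": POD_SEL}]
# YAML:  - namespaceSelector: {...}
#        - podSelector: {...}         (two list items: OR)
OR_PEERS = [{"namespaceSelector": NS_SEL}, {"podSelector": POD_SEL}]

POLICY_NS = "db"  # namespace the policy lives in (constructed)
SOURCES = {  # constructed source pods
    "payments/api":   {"namespace": "payments", "ns_labels": {"team": "payments"}, "pod_labels": {"app": "api"}},
    "payments/debug": {"namespace": "payments", "ns_labels": {"team": "payments"}, "pod_labels": {"app": "debug"}},
    "db/api":         {"namespace": "db", "ns_labels": {"team": "data"}, "pod_labels": {"app": "api"}},
    "web/api":        {"namespace": "web", "ns_labels": {"team": "frontend"}, "pod_labels": {"app": "api"}},
}

def compare():
    # Returns {source: (allowed_by_AND_form, allowed_by_OR_form)}
    return {name: (ingress_allows(AND_PEERS, POLICY_NS, s), ingress_allows(OR_PEERS, POLICY_NS, s))
            for name, s in SOURCES.items()}

if __name__ == "__main__":
    for name, (a, o) in compare().items():
        print(f"{name:15} AND={a!s:5} OR={o}")
```

The single-entry form admits only `app: api` pods from the `payments` namespace, while the two-entry form also admits every other pod in `payments` and any `app: api` pod in the policy's own namespace.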
