Package org.cdk8s.plus24

Class NetworkPolicy

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

org.cdk8s.plus24.Resource

org.cdk8s.plus24.NetworkPolicy

All Implemented Interfaces:

IApiEndpoint, IApiResource, IResource, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
           date="2023-07-08T00:25:14.240Z")
@Stability(Stable)
public class NetworkPolicy
extends Resource

Control traffic flow at the IP address or port level (OSI layer 3 or 4), network policies are an application-centric construct which allow you to specify how a pod is allowed to communicate with various network peers.

• Outgoing traffic is allowed if there are no network policies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the network policies that select the pod.
• Incoming traffic is allowed to a pod if there are no network policies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the network policies that select the pod.

Network policies do not conflict; they are additive. If any policy or policies apply to a given pod for a given direction, the connections allowed in that direction from that pod is the union of what the applicable policies allow. Thus, order of evaluation does not affect the policy result.

For a connection from a source pod to a destination pod to be allowed, both the egress policy on the source pod and the ingress policy on the destination pod need to allow the connection. If either side does not allow the connection, it will not happen.

See Also:

https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	NetworkPolicy.Builder	A fluent builder for NetworkPolicy.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface org.cdk8s.plus24.IApiEndpoint

IApiEndpoint.Jsii$Default

Nested classes/interfaces inherited from interface org.cdk8s.plus24.IApiResource

IApiResource.Jsii$Default

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface org.cdk8s.plus24.IResource

IResource.Jsii$Default

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	NetworkPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	NetworkPolicy(software.amazon.jsii.JsiiObjectRef objRef)
	NetworkPolicy(software.constructs.Construct scope, String id)
	NetworkPolicy(software.constructs.Construct scope, String id, NetworkPolicyProps props)

Method Summary

Modifier and Type	Method	Description
void	addEgressRule(INetworkPolicyPeer peer)	Allow outgoing traffic to the peer.
void	addEgressRule(INetworkPolicyPeer peer, List<NetworkPolicyPort> ports)	Allow outgoing traffic to the peer.
void	addIngressRule(INetworkPolicyPeer peer)	Allow incoming traffic from the peer.
void	addIngressRule(INetworkPolicyPeer peer, List<NetworkPolicyPort> ports)	Allow incoming traffic from the peer.
protected org.cdk8s.ApiObject	getApiObject()	The underlying cdk8s API object.
String	getResourceType()	The name of a resource type as it appears in the relevant API endpoint.

Methods inherited from class org.cdk8s.plus24.Resource

asApiResource, asNonApiResource, getApiGroup, getApiVersion, getKind, getMetadata, getName, getPermissions, getResourceName

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Detail

NetworkPolicy

protected NetworkPolicy(software.amazon.jsii.JsiiObjectRef objRef)

NetworkPolicy

protected NetworkPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

NetworkPolicy

@Stability(Stable)
public NetworkPolicy(@NotNull
                     software.constructs.Construct scope,
                     @NotNull
                     String id,
                     @Nullable
                     NetworkPolicyProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

NetworkPolicy

@Stability(Stable)
public NetworkPolicy(@NotNull
                     software.constructs.Construct scope,
                     @NotNull
                     String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Detail

addEgressRule

@Stability(Stable)
public void addEgressRule(@NotNull
                          INetworkPolicyPeer peer,
                          @Nullable
                          List<NetworkPolicyPort> ports)

Allow outgoing traffic to the peer.

If ports are not passed, traffic will be allowed on all ports.

Parameters:

peer - This parameter is required.

ports -

addEgressRule

@Stability(Stable)
public void addEgressRule(@NotNull
                          INetworkPolicyPeer peer)

Allow outgoing traffic to the peer.

If ports are not passed, traffic will be allowed on all ports.

Parameters:

peer - This parameter is required.

addIngressRule

@Stability(Stable)
public void addIngressRule(@NotNull
                           INetworkPolicyPeer peer,
                           @Nullable
                           List<NetworkPolicyPort> ports)

Allow incoming traffic from the peer.

If ports are not passed, traffic will be allowed on all ports.

Parameters:

peer - This parameter is required.

ports -

addIngressRule

@Stability(Stable)
public void addIngressRule(@NotNull
                           INetworkPolicyPeer peer)

Allow incoming traffic from the peer.

If ports are not passed, traffic will be allowed on all ports.

Parameters:

peer - This parameter is required.

getApiObject

@Stability(Stable)
@NotNull
protected org.cdk8s.ApiObject getApiObject()

The underlying cdk8s API object.

Specified by:

getApiObject in class Resource

See Also:

base.Resource.apiObject

getResourceType

@Stability(Stable)
@NotNull
public String getResourceType()

The name of a resource type as it appears in the relevant API endpoint.

Specified by:

getResourceType in interface IApiResource

Specified by:

getResourceType in class Resource

See Also:

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources