Page cover

Create Guard to Allow Ingress

Create Guard to Allow Ingress is used to create a CloudekaGuard will allow incoming traffic to pods with a certain label from pods with other labels that are in a different namespace. Using this syntax, you can control inbound access from permitted clients. You can first run the following syntax to create a YAML file with the name allow-ingress.

nano allow-ingress.yaml

Copy and paste the following YAML contents.

apiVersion: tenants.cloudeka.ai/v1alpha2
kind: CloudekaGuard
metadata:
  name: allow-ingress
  namespace: ns1
spec:
  endpointSelector:
    matchLabels:
      app: web-app
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: client-ns2

After pasting the syntax, save the file by pressing Ctrl + O, then press the Enter key and exit the editor by pressing Ctrl + X. The next step is to apply Cloudeka Guard.

kubectl apply -f allow-ingress.yaml

Last updated