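---
# NetworkPolicies for the datasiswa application in namespace intern-workspace.
# Intended flows: frontend -> backend (TCP 5000), backend -> MySQL (TCP 3306),
# and frontend/backend -> DNS (port 53).
#
# NOTE(review): these objects only take effect if the cluster's network plugin
# enforces NetworkPolicy. Pods in the namespace that none of the selectors
# below match are not isolated by these policies; no namespace-wide
# default-deny policy is visible here.

# Backend ingress: only frontend pods may connect, and only on TCP 5000.
# A podSelector peer without a namespaceSelector matches pods in this
# policy's own namespace only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: intern-workspace
spec:
  podSelector:
    matchLabels:
      app: backend-datasiswa
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend-datasiswa
      ports:
        - protocol: TCP
          port: 5000
---
# MySQL: accept connections from the backend on TCP 3306 and initiate nothing.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-backend-to-mysql
  namespace: intern-workspace
spec:
  podSelector:
    matchLabels:
      app: mysql-datasiswa
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: backend-datasiswa
      ports:
        - protocol: TCP
          port: 3306
  # Reply traffic on connections admitted by the ingress rule above is allowed
  # implicitly, so MySQL needs no egress rule to answer the backend. The
  # previous rule (egress to backend-datasiswa on TCP 5000) only permitted
  # MySQL-initiated connections to the backend API, which the backend ingress
  # policy in this file does not admit anyway. Listing Egress in policyTypes
  # with an empty rule list denies all outbound connections from the database
  # pod, DNS included, as before.
  egress: []
---
# Backend egress: MySQL and DNS only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-backend-egress
  namespace: intern-workspace
spec:
  podSelector:
    matchLabels:
      app: backend-datasiswa
  policyTypes:
    - Egress
  egress:
    # Backend may access MySQL.
    - to:
        - podSelector:
            matchLabels:
              app: mysql-datasiswa
      ports:
        - protocol: TCP
          port: 3306
    # Allow egress to DNS so the backend can still resolve service names.
    # TCP 53 is included because resolvers retry over TCP when a UDP answer
    # is truncated.
    # NOTE(review): `namespaceSelector: {}` matches pods in every namespace,
    # so this rule allows port 53 to any pod in the cluster. Consider
    # narrowing the peer to the cluster DNS pods (commonly namespace
    # kube-system with label k8s-app=kube-dns; verify for this cluster).
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# Frontend egress: backend API and DNS only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-egress
  namespace: intern-workspace
spec:
  podSelector:
    matchLabels:
      app: frontend-datasiswa
  policyTypes:
    - Egress
  egress:
    # Frontend may send requests to the backend.
    - to:
        - podSelector:
            matchLabels:
              app: backend-datasiswa
      ports:
        - protocol: TCP
          port: 5000
    # Allow egress to DNS; TCP 53 covers the fallback for truncated UDP
    # answers.
    # NOTE(review): `namespaceSelector: {}` matches pods in every namespace;
    # consider narrowing the peer to the cluster DNS pods (verify their
    # namespace and labels for this cluster).
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53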