Kubernetes YAML Networking

Services, Ingress, NetworkPolicy, ports, and service exposure manifests.


Services

Stable service discovery and traffic routing.

ClusterIP Service YAML

Expose Pods internally in the cluster.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: api
spec:
  selector:
    app: api
  ports:
    - name: http
      port: 80
      targetPort: http
  type: ClusterIP
```

NodePort Service YAML

Expose the service on each node's IP.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: api-nodeport
spec:
  selector:
    app: api
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080
  type: NodePort
```

LoadBalancer Service YAML

Request external load balancing from the platform.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: api-lb
spec:
  selector:
    app: api
  ports:
    - port: 80
      targetPort: 8080
  type: LoadBalancer
```

Headless Service YAML

Expose individual Pod DNS records for stateful apps.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  clusterIP: None
  selector:
    app: postgres
  ports:
    - port: 5432
      targetPort: 5432
```

Ingress

Route HTTP(S) traffic into Services.

Basic Ingress YAML

Route traffic by host and path.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 80
```

Ingress manages external HTTP/HTTPS access based on hostnames and paths. It requires an Ingress controller.

Enable TLS on Ingress

Terminate HTTPS with a Secret-backed certificate.

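```yaml
# Fragment: goes under the spec of an Ingress resource.
# secretName must refer to a TLS Secret (tls.crt / tls.key) in the Ingress's namespace.
spec:
  tls:
    - hosts:
        - app.example.com
      secretName: app-example-com-tls
```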

NetworkPolicy

Limit pod-to-pod ingress and egress traffic.

Default deny ingress policy

Block incoming traffic until explicitly allowed.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
    - Ingress
```

Allow ingress from labeled pods

Permit traffic only from a specific app tier.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-from-web
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: web
      ports:
        - protocol: TCP
          port: 8080
```
