Kubernetes YAML Networking

Services, Ingress, NetworkPolicy, ports, and service exposure manifests.

## Services
ClusterIP Service YAML
```yaml
# Expose Pods internally in the cluster.
apiVersion: v1
kind: Service
metadata:
  name: api
spec:
  selector:
    app: api
  ports:
    - name: http
      port: 80
      targetPort: http
  type: ClusterIP
```

NodePort Service YAML
```yaml
# Expose the Service on port 30080 of every node's IP.
apiVersion: v1
kind: Service
metadata:
  name: api-nodeport
spec:
  selector:
    app: api
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080
  type: NodePort
```

LoadBalancer Service YAML
```yaml
# Request external load balancing from the platform.
apiVersion: v1
kind: Service
metadata:
  name: api-lb
spec:
  selector:
    app: api
  ports:
    - port: 80
      targetPort: 8080
  type: LoadBalancer
```

Headless Service YAML
```yaml
# Expose individual Pod DNS records for stateful apps.
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  clusterIP: None
  selector:
    app: postgres
  ports:
    - port: 5432
      targetPort: 5432
```

## Ingress
Basic Ingress YAML
```yaml
# Route traffic by host and path.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 80
```

Enable TLS on Ingress
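```yaml
# Terminate HTTPS with a Secret-backed certificate.
# Fragment: merge under the spec of the Ingress, alongside rules.
# The Secret must be of type kubernetes.io/tls in the Ingress's namespace.
spec:
  tls:
    - hosts:
        - app.example.com
      secretName: app-example-com-tls
```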

## NetworkPolicy
Default deny ingress policy
```yaml
# Block incoming traffic to every Pod in this namespace (empty podSelector)
# until another policy explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
    - Ingress
```

Allow ingress from labeled pods
```yaml
# Permit traffic to the app: api Pods only from Pods labeled app: web
# in the same namespace, on TCP 8080.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-from-web
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: web
      ports:
        - protocol: TCP
          port: 8080
```
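
How the two policies above combine, as an added Python example that is not part of the original sheet: a simplified model of ingress evaluation, assuming a single namespace, `matchLabels` pod selectors and numeric TCP ports only (the function names and sample Pod labels are constructed for illustration). It shows that the allow policy on its own leaves unselected Pods such as `postgres` reachable, which is why it is paired with the default-deny policy.

```python
# Simplified model of NetworkPolicy ingress evaluation (illustrative, not Kubernetes code).
# Assumes one namespace, matchLabels pod selectors only, numeric TCP ports only.

def selects(selector, labels):
    """An empty selector ({}) matches every Pod; otherwise all matchLabels must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def ingress_allowed(policies, src_labels, dst_labels, port):
    """Return True if the source Pod may open a TCP connection to the destination Pod on port."""
    applicable = [p for p in policies
                  if "Ingress" in p["policyTypes"] and selects(p["podSelector"], dst_labels)]
    if not applicable:
        return True  # no policy selects the Pod: it is not isolated, all ingress is allowed
    for policy in applicable:  # policies are additive: one matching rule is enough
        for rule in policy.get("ingress", []):
            peers = rule.get("from")
            ports = rule.get("ports")
            peer_ok = not peers or any(selects(p["podSelector"], src_labels) for p in peers)
            port_ok = not ports or any(p["port"] == port for p in ports)
            if peer_ok and port_ok:
                return True
    return False  # the Pod is isolated and no rule matched

# The spec sections of the two policies on this page, written as Python dicts.
DEFAULT_DENY = {"podSelector": {}, "policyTypes": ["Ingress"]}
API_ALLOW_FROM_WEB = {
    "podSelector": {"matchLabels": {"app": "api"}},
    "policyTypes": ["Ingress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}],
                 "ports": [{"protocol": "TCP", "port": 8080}]}],
}

# Constructed sample Pods, represented by their labels only.
WEB, API, DB, BATCH = {"app": "web"}, {"app": "api"}, {"app": "postgres"}, {"app": "batch"}

def matrix(policies):
    """Map (source app, destination app, port) -> allowed, for a few constructed flows."""
    flows = [(WEB, API, 8080), (BATCH, API, 8080), (WEB, API, 9090), (API, DB, 5432)]
    return {(s["app"], d["app"], port): ingress_allowed(policies, s, d, port) for s, d, port in flows}

if __name__ == "__main__":
    for name, pols in [("no policies", []), ("allow only", [API_ALLOW_FROM_WEB]),
                       ("deny + allow", [DEFAULT_DENY, API_ALLOW_FROM_WEB])]:
        print(name, matrix(pols))
```
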
