A NetworkPolicy is a Kubernetes object that controls what traffic is allowed to and from selected pods and network endpoints [6]. NetworkPolicy objects contain the following information:
The pods that are affected by this policy (the pod selector)
The traffic that is allowed for these pods (the ingress and egress rules)
The network entities that are allowed or denied for this traffic (the selectors and IP blocks)
By default, all pods in a cluster can communicate with each other and with any external network endpoint. A NetworkPolicy allows you to restrict this behavior by defining rules for pod isolation and network access. A NetworkPolicy is enforced by a network plugin that supports it [6].
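The three parts listed above (pod selector, ingress and egress rules, selectors and IP blocks) appear as follows in a manifest. This is an added example, not part of the original answer; the namespace, labels, ports and CIDR ranges are assumptions chosen for illustration.

```yaml
# Constructed example: namespace "shop", labels, ports and CIDRs are assumed.
# Policy 1: default-deny. Selects every pod in the namespace and lists no
# allow rules, so all ingress and egress for those pods is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: shop
spec:
  podSelector: {}            # empty selector = all pods in this namespace
  policyTypes:
    - Ingress
    - Egress
---
# Policy 2: allow rules for the api pods. Policies are additive, so this
# opens only the listed paths on top of the default-deny above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow
  namespace: shop
spec:
  podSelector:               # the pods affected by this policy
    matchLabels:
      app: api
  policyTypes:
    - Ingress
    - Egress
  ingress:                   # traffic allowed in: frontend pods on TCP 8080
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
  egress:                    # traffic allowed out: a database range on TCP 5432
    - to:
        - ipBlock:
            cidr: 10.0.0.0/24
            except:
              - 10.0.0.128/25
      ports:
        - protocol: TCP
          port: 5432
  # With egress denied by default, DNS lookups from these pods also need
  # an explicit egress rule (not shown here).
```

On a cluster whose network plugin does not implement NetworkPolicy, the API server accepts these objects but they have no effect on traffic.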
The other options are incorrect because:
An Ingress is a Kubernetes object that manages external access to services in a cluster, typically HTTP [7]. It does not control what traffic is allowed to and from selected pods and network endpoints.
A PodSecurityPolicy is a Kubernetes object that controls security-sensitive aspects of pod specification, such as running as privileged or using host networking [8]. It does not control what traffic is allowed to and from selected pods and network endpoints.
A Secret is a Kubernetes object that stores sensitive information, such as passwords or keys, in an encrypted form [9]. It does not control what traffic is allowed to and from selected pods and network endpoints.
References: Network Policies, Ingress, Pod Security Policies, Secrets