Release Notes and Announcements
- Release Notes
- Announcements
- Release Notes
Product Introduction
Purchase Guide
- Purchase Instructions
- Purchase a TKE General Cluster
- Purchasing Native Nodes
- Purchasing a Super Node
Getting Started
Cluster Configuration
- General Cluster Overview
- Cluster Management
- Network Management
- Storage Management
- Node Management
- GPU Resource Management
- Remote Terminals
Application Configuration
- Workload Management
- Service and Configuration Management
- Component and Application Management
- Auto Scaling
- Container Login Methods
Observability Configuration
- Ops Observability
- Cost Insights and Optimization
Scheduler Configuration
- Scheduling Component Overview
- Resource Utilization Optimization Scheduling
- Business Priority Assurance Scheduling
- QoS Awareness Scheduling
Security and Stability
- TKE Security Group Settings
- Identity Authentication and Authorization
- Application Security
Multi-cluster Management
- Planned Upgrade
- Backup Center
Cloud Native Service Guide
- Cloud Service for etcd
- TMP
- TKE Serverless Cluster Guide
- TKE Registered Cluster Guide
Use Cases
- Cluster
- Serverless Cluster
- Scheduling
- Security
- Service Deployment
- Network
- Release
- Logs
- Monitoring
- OPS
- Terraform
- DevOps
- Auto Scaling
- Containerization
- Microservice
- Cost Management
- Hybrid Cloud
- AI
Troubleshooting
API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Elastic Cluster APIs
- Resource Reserved Coupon APIs
- Cluster APIs
- Third-party Node APIs
- Relevant APIs for Addon
- Network APIs
- Node APIs
- Node Pool APIs
- TKE Edge Cluster APIs
- Cloud Native Monitoring APIs
- Scaling group APIs
- Super Node APIs
- Other APIs
- Data Types
- Error Codes
- TKE API 2022-05-01
FAQs
- TKE General Cluster
- TKE Serverless Cluster
- About OPS
- Hidden Danger Handling
- About Services
- Image Repositories
- About Remote Terminals
- Event FAQs
- Resource Management
Service Agreement
- TKE Service Level Agreement
- TKE Serverless Service Level Agreement
Contact Us
Glossary

Network Policy

Modo Foco

Tamanho da Fonte

Última atualização: 2026-04-21 15:13:00

Warning:
Network Policy component is based on kube-router and performs full-table save/restore operations on iptables. This behavior may cause compatibility issues and exceptions (for example, kube-proxy also uses iptables) in environments where early and latest versions of iptables coexist. Installation is not recommended. If installation is required, install the recommended community open-source kube-router based on your cluster version. Below is the version compatibility table:
TKE version
kube-proxy iptables
Recommend the kube-router version
Description
1.12~1.30
v1.8.7 (nft)
<= v1.5.1
iptables are all early versions with no compatibility issues.
1.32~1.34
v1.8.9 (nft)
v1.5.2+ (recommended to use the latest version)
iptables are all latest versions with no compatibility issues.
Overview
Add-on description
Network Policy is a resource provided by Kubernetes for defining pod-based network isolation policies. It describes whether a group of pods can communicate with other groups of pods and other network entities. This add-on provides a controller for implementing resources of this type. You can use this add-on if you want to control the network traffic of specific applications at the IP address or port layer (layer 3 or layer 4 of OSI).
Kubernetes objects deployed in a cluster
Kubernetes Object Name
Type
Requested Resource
Namespace
networkpolicy
DaemonSet
Each instance: CPU: 250m, Memory: 250Mi
kube-system
networkpolicy
ClusterRole
-
kube-system
networkpolicy
ClusterRoleBinding
-
kube-system
networkpolicy
ServiceAccount
-
kube-system
Component Permission Description
Permission Description
The permission of this component is the minimal dependency required for the current feature to operate.
Access to the namespaces, pods, services, nodes, endpoints, and networkpolicies within the cluster is required, thus necessitating list/get/watch permission.
Permission Definition
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: networkpolicy
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
      - pods
      - services
      - nodes
      - endpoints
    verbs:
      - list
      - get
      - watch
  - apiGroups:
      - "networking.k8s.io"
    resources:
      - networkpolicies
    verbs:
      - list
      - get
      - watch
  - apiGroups:
      - extensions
    resources:
      - networkpolicies
    verbs:
      - get
      - list
      - watch
Directions
1. Log in to the TKE console and select Cluster in the left sidebar.
2. On the “Cluster Management page, click the ID of the target cluster to go to the cluster details page.
3. In the left sidebar, click Add-on Management to go to the Add-on List page.
4. On the Add-on List page, click Create and select NetworkPolicy in the pop-up Create Add-on window. For details of NetworkPolicy configuration, see Best Practices for Network Policy.
5. Click Done.

Ajuda e Suporte

Esta página foi útil?

Você também pode entrar em contato com a Equipe de vendas ou Enviar um tíquete em caso de ajuda.

comentários

tencent cloud

Tencent Kubernetes Engine

Network Policy

Overview

Add-on description

Kubernetes objects deployed in a cluster

Component Permission Description

Permission Description

Permission Definition

Directions

Ajuda e Suporte

TKE version	kube-proxy iptables	Recommend the kube-router version	Description
1.12~1.30	v1.8.7 (nft)	<= v1.5.1	iptables are all early versions with no compatibility issues.
1.32~1.34	v1.8.9 (nft)	v1.5.2+ (recommended to use the latest version)	iptables are all latest versions with no compatibility issues.

Kubernetes Object Name	Type	Requested Resource	Namespace
networkpolicy	DaemonSet	Each instance: CPU: 250m, Memory: 250Mi	kube-system
networkpolicy	ClusterRole	-	kube-system
networkpolicy	ClusterRoleBinding	-	kube-system
networkpolicy	ServiceAccount	-	kube-system