Network Policies
| Policy | Target | Types | Rules | Last modified |
|---|
NetworkPolicy templates
Pick a base, then adjust the selectors, peers and ports.
Analyze and improve NetworkPolicies
Paste your NetworkPolicies — no kubeconfig or secrets needed. The analysis checks the structure, namespaces, selectors, CIDRs, ports and overly permissive rules, flags the OR-vs-AND trap and missing default-deny, and generates safe fixes without changing the intended behavior. A kubeconfig is optional, only to also audit your cluster's context and auth.
1. NetworkPolicy YAML
Paste your policies (YAML or JSON). Multiple documents separated by --- are accepted, or reuse what you loaded in Cluster.
2. Kubeconfig (optional)
Only to also audit your cluster context and auth (HTTPS, TLS, static tokens…). Skip it if you don't want to paste secrets.
Errors and recommendations
Pods, namespaces and existing rules
Import YAML output from kubectl. You can then open existing NetworkPolicies and click real Pod or namespace labels to build the right selectors.
Import the cluster inventory
Paste the YAML below, or open the files. Nothing is sent anywhere — no cluster connection, no token or kubeconfig needed.
kubectl get networkpolicies -A -o yaml
kubectl get pods -A -o yaml
kubectl get namespaces -o yaml
networkpolicies.) YAML or JSON both work; command/args/volumeMounts/managedFields are stripped automatically. Lighter Pods with jq: kubectl get pods -A -o json | jq '{kind:"List",items:[.items[]|{kind:"Pod",metadata:{name:.metadata.name,namespace:.metadata.namespace,labels:.metadata.labels}}]}'Cluster applications
Click a label to create a policy targeting that application.
Existing rules
Who can talk to whom
A firewall-style view of your policies, grouped by namespace. Each rule shows the source, an arrow with the allowed ports, and the target Pods (by label). Load your policies in Cluster or create them in Policies; add Pods in Cluster to also see which real Pods match.
Local app in your browser
- Open this
index.htmlfile in Chrome, Edge or Firefox. - Create a policy, import YAML, or use the Analyze page.
- In Cluster, import kubectl YAML output to browse Pods, namespaces, labels and existing NetworkPolicies.
- Validate and save the policy to local storage.
- Export the YAML, then apply it with
kubectl.
kubectl apply -f my-policy.yamlTo validate server-side before applying:
kubectl apply --dry-run=server -f my-policy.yamlImportant notes
kubectl, GitOps or your CI/CD pipeline.- Your CNI plugin must support NetworkPolicies (Calico, Cilium, etc.).
- A policy selects Pods with
spec.podSelector. - Ingress and egress rules describe allowed flows.
- Test DNS, monitoring and dependency access before production.
- The kubeconfig resolves the context and namespace; it does not describe the actual Pods and Services.
- The inventory imported from kubectl stays in memory only and is cleared on page reload.
- Version the exported YAML files in Git.