Prathap
Oct 25, 2022


Network Policy: Targeting a range of ports / multi-port egress

When creating a NetworkPolicy, you can target a range of ports instead of a single port.

You can achieve this by using the endPort field, as shown below:
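The policy this post describes, written out as an added example (it is not the original post's manifest). The name multi-port-egress is an assumption; the namespace, label, CIDR, protocol and port range are the ones given in the text.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: multi-port-egress   # assumed name, not from the original post
  namespace: default
spec:
  # The policy applies to Pods labelled role=db in the default namespace.
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Egress
  egress:
    - to:
        # Allowed destinations: any IP in 10.0.0.0/24.
        - ipBlock:
            cidr: 10.0.0.0/24
      ports:
        - protocol: TCP
          port: 32000      # start of the range; must be numeric when endPort is set
          endPort: 32768   # end of the range; must be >= port
```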

As shown in the above example, the rule allows a Pod with the label role=db in the namespace default to communicate with any IP within the range 10.0.0.0/24 over TCP, provided that the target port is between 32000 and 32768.

The following restrictions apply when using the endPort field:

  • endPort must be equal to or greater than the port field.
  • endPort can only be defined if the port field is also defined.
  • endPort and port should be numeric.

Note:

The cluster should be using a CNI plugin that supports the endPort field in NetworkPolicy specifications.

If the CNI plugin doesn’t support the endPort field, the policy will be applied to the port field only.
