# Network Policy

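[Network Policy](/concepts/objects/network-policy.md) provides policy-based network control for isolating applications and reducing the attack surface. It uses label selectors to emulate traditional segmented networks, and uses policies to control the traffic between those segments as well as traffic from outside. Network Policy requires a network plugin that watches for changes to these policies and to Pods, and configures traffic control for the Pods.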

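## How to develop a Network Policy extension

A network extension that supports Network Policy needs at least two components:

* CNI network plugin: responsible for configuring the network interfaces of Pods
* Policy controller: watches for Network Policy changes and applies each policy to the corresponding network interfaces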

![](/files/TM81XpjHPbDbxIRCgKDi)
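
The decision a policy controller has to reach before it programs an interface can be sketched as follows. This is an added example, not code from this page or from any of the plugins listed below; the `Pod` and `Policy` types are simplified, hypothetical stand-ins for the Kubernetes API objects, and only equality label selectors with same-namespace pod peers are modelled (ports, `namespaceSelector`, `ipBlock` and egress are left out).

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for the Pod and NetworkPolicy API objects.
type Pod struct {
	Namespace string
	Labels    map[string]string
}

type Policy struct {
	Namespace   string
	PodSelector map[string]string   // empty selector = every pod in the namespace
	IngressFrom []map[string]string // allowed peer pod selectors (same namespace)
}

// matches reports whether labels satisfy an equality-based selector.
func matches(sel, labels map[string]string) bool {
	for k, want := range sel {
		if got, ok := labels[k]; !ok || got != want {
			return false
		}
	}
	return true
}

// IngressAllowed applies the union of all policies that select dst.
func IngressAllowed(policies []Policy, src, dst Pod) bool {
	isolated := false
	for _, p := range policies {
		if p.Namespace != dst.Namespace || !matches(p.PodSelector, dst.Labels) {
			continue
		}
		isolated = true // dst is selected, so ingress is now default-deny
		for _, peer := range p.IngressFrom {
			if src.Namespace == p.Namespace && matches(peer, src.Labels) {
				return true
			}
		}
	}
	return !isolated // pods that no policy selects stay open
}

func main() { // constructed sample data
	db := Pod{"prod", map[string]string{"app": "db"}}
	web := Pod{"prod", map[string]string{"app": "web"}}
	batch := Pod{"prod", map[string]string{"app": "batch"}}
	pols := []Policy{{"prod", db.Labels, []map[string]string{web.Labels}}}
	fmt.Println(IngressAllowed(pols, web, db), IngressAllowed(pols, batch, db))
}
```

Note the last return: a Pod that no policy selects accepts all ingress, so a namespace only becomes default-deny once a policy with an empty `podSelector` is applied to it.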

## Network plugins that support Network Policy

* [Calico](https://www.projectcalico.org/)
* [Cilium](https://cilium.io/)
* [Romana](https://github.com/romana/romana)
* [Weave Net](https://www.weave.works/)

## Using Network Policy

For details on how to use Network Policy, see [here](/concepts/objects/network-policy.md).


