sudhir kumar:
Anyone tested https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/01-deny-all-traffic-to-an-application.md
Ran the same steps but returning
kubectl run --generator=run-pod/v1 --rm -i -t --image=alpine test-$RANDOM -- sh
Flag --generator has been deprecated, has no effect and will be removed in the future.
If you don't see a command prompt, try pressing enter.
/ # wget <http://web>
Connecting to web (10.104.175.76:80)
saving to 'index.html'
index.html 100% |********************************************************************************************************************| 612 0:00:00 ETA
'index.html' saved
unnivkn:
kubectl run test-$RANDOM --rm -i -t --image=alpine -- sh
sudhir kumar:
@unnivkn for me it didn’t block
unnivkn:
try this step by step :
unnivkn:
k run frontend --image=nginx --expose --port=80
k run backend --image=nginx --expose --port=80
k get po,svc
k exec frontend – curl backend
–wkg
k exec backend – curl frontend
–wkg
vim default-deny
apiVersion: http://networking.k8s.io/v1|networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: dafault-deny
namespace: default
spec:
PodSelector: {}
policyTypes:
unnivkn:
k apply -f default-deny
k get netpol
k exec frontend – curl backend
–blocking
k exec backend – curl frontend
–blocking
Tej_Singh_Rana:
Hello, @sudhir kumar
Which network addons have you deployed in your server?
sudhir kumar:
@Tej_Singh_Rana i was executing on one of the labs of kodecloud, didn’t notice the n/w plugin, good point
Above steps shared by @unnivkn worked.