Liam MAO -CHINA LAB-:
Hello guys. I used a network policy for a pod (example: pod A in namespace A). However I set it, the policy is always inoperative. Even if I set it up to deny all ingress and egress traffic for this pod (pod A in namespace A), I can still access Pod A from Pod B, which is in namespace B. Do you know why? Thanks in advance.
Liam MAO -CHINA LAB-:
I also searched for this problem on Google. Someone said that if your k8s uses the flannel network plugin, it doesn't support network policy. Is that right?
Vaibhav S:
Yes, Flannel does not support network policy. Check the link below.
Flannel is focused on networking. For network policy, other projects such as Calico (http://www.projectcalico.org/) can be used.
https://github.com/flannel-io/flannel
Liam MAO -CHINA LAB-:
I really appreciate your help. Do you know how to check which type of network plugin is used in the current K8S cluster?
Lakshmi Narayana Muvvala:
NetworkPolicy objects can be added to any Kubernetes cluster. In order for these policies to be enforced, your cluster must run a CNI plugin that respects these policies. Common CNI plugins with this support are as follows.
• Cilium (https://cilium.io/)
• Calico (https://www.projectcalico.org/)
• Weave (https://www.weave.works/)
• Canal (https://github.com/projectcalico/canal)
Vaibhav S:
@Liam MAO -CHINA LAB- To check which CNI you are using, you can go to the /etc/cni/net.d folder. There will be a conf file. Check the contents of the file and it will show you which plugin you are using. Mine is weave: