Sanjeevkumar:
Hi team,
I assume both netpols in the pic are the same. Kindly comment.
Shwetha Shenoy V:
You can verify it by checking k describe netpol <netpol name> for both netpols.
Sanjeevkumar:
Referring to the description, I still have the same doubt.
- From: NamespaceSelector: <none>
- From: <any> (traffic not restricted by source)
Is 1 the same as 2? Could the only difference be that external traffic is not allowed in 1 but in 2 it's allowed?
Pavan Kishore Ventrapragada:
I think as you mentioned …1 will not allow external traffic to flow in… whereas 2 does that…
Santosh Kaluskar:
1 will receive traffic from pods in all namespaces, as it uses namespaceSelector,
while the second NP will receive traffic only from pods in the Default namespace, as it uses podSelector
and is defined in the Default namespace.
unnivkn:
Hi @Sanjeevkumar this may help to validate:
https://editor.cilium.io/?id=CvxBjC5YQWf41crQ
https://orca.tufin.io/netpol/?yaml=apiVersion:%20networking.k8s.io%2Fv1
kind:%20NetworkPolicy
metadata:
3|~|name:%20ingress-to-nptest
3|~|namespace:%20default
spec:
3|~|podSelector:
5|~|matchLabels:
13|~|run:%20np-test-1
3|~|policyTypes:
3|~|-%20Ingress
3|~|ingress:
3|~|-%20from:
5|~|ports:
5|~|-%20protocol:%20TCP
7|~|port:%2080
Sanjeevkumar:
Hi @unnivkn - Many thanks to you for sharing https://orca.tufin.io/netpol. It really helped me to understand the missing pieces of netpol.