Chandu:
In the CKAD lecture video about the netpolicy if we mention the policyTypes ingress & ingress then all the communication is blocked to the specific pod the networkpolicy is applied. But, what if we delete the Egress from the policytypes and only define ingress traffic and mention Ingress type only? Will it block all Egress traffic from the pod?
Alistair Mackay:
Hi @Chandu
Your first screenshot declares a deny-all policy, both ingress and egress.
You second screenshot creates rules for ingress, but egress is allowed to all (because you have defined nothing at all for egress)
K8s network policy is default allow.
Chandu:
So, if I do something like this then all the Egress traffic is blocked? Since I mentioned in the policytypes and but not created any rules?
Alistair Mackay:
Correct.
- Egress
on its own with no egress rule blocks everything
Alistair Mackay:
Note that this does not prevent a service from replying to some conversation opened on its ingress.
It means that the service cannot start it’s own outgoing conversation, e.g. get something from the web.
Chandu:
Yes. Makes sense. I understand it.