jumble:
Issue: Network policy is not working as expected.

TASK: Network policy should allow incoming traffic from the backend to the database but disallow incoming traffic from other pods.
Incoming traffic to the database should only be allowed on TCP port 3306 and no other port.

I’ve created a network policy as per the task; please find the attachment below. I wanted to test connectivity from a temp pod
to the backend using the busybox image.
Contrary to the n/w policy defined, I’m able to telnet to the database pod from the temp pod.

What am I missing here? Could anyone correct me? Thanks!


Malayamanas Panda:
Dump the output of the command “kubectl get pods -A --show-labels”.

Tu Hoang:
I believe you’d need to define a “default deny” netpol (as per <Network Policies | Kubernetes doco>) together with ^ this netpol to achieve the behavior that you’d want for this app-stack namespace. Also:

By default, pods are non-isolated; they accept traffic from any source.