K8s Network Policy - Default Deny / Default Allow

Hi
The Kubernetes documentation page for network policy mentions default deny and default allow policy types.

Default deny all - the "ingress:" section is not written in the YAML file
Default allow all - the "ingress:" section is empty - {}

But in the network policy editor it is the other way around. Am I missing something? Please see the screenshot below.

Hi @SalBlr

The one provided in the Kubernetes Docs provides explicit examples for each Ingress and Egress traffic control. This is done by providing the policyTypes list and the ingress field.
The example specifically controls the Ingress traffic in the Docs.

Whereas the one on the right doesn't specify any policyTypes, thus allowing Ingress and Egress to all the Pods in the same Namespace. This means that without explicit rules, all traffic is permitted.

Hope this helps.

Thanks Santosh

I tried the same policy mentioned in the network editor (right-hand image) - it's denying all traffic. As per the network policy editor, it's a default allow.

My results are contrary to what is mentioned in the network policy editor.

Please see my steps below

  1. Create a pod

    kubectl run web --image=nginx --expose --port=80

  2. Test, all ingress traffic is allowed to NGINX pod

    controlplane $ kubectl run --rm -i -t --image=alpine test-$RANDOM -- sh

  3. Create a NP as below and apply

    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      name: untitled-policy
    spec:
      podSelector: {}

  4. Test

    controlplane $ kubectl run --rm -i -t --image=alpine test-$RANDOM -- sh
    If you don't see a command prompt, try pressing enter.
    / #  wget -qO- http://web
    ^C
    / # wget -qO- --timeout=2 http://web
    wget: download timed out
    / # exit
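
Added example, not part of any post in this thread: a small Python model of the documented `spec.policyTypes` defaulting rule (a policy with no `policyTypes` is treated as `Ingress`, plus `Egress` only when it contains egress rules), run against the manifest from the steps above and the two forms from the Kubernetes docs. The function names and the dict encoding of the manifests are assumptions made for illustration.

```python
# Added example: models the documented NetworkPolicy defaulting rules.
# Function names and the dict form of the manifests are illustrative assumptions.

def effective_policy_types(spec):
    """Return policyTypes after API defaulting."""
    if spec.get("policyTypes"):
        return list(spec["policyTypes"])
    types = ["Ingress"]            # always assumed, with or without an ingress section
    if spec.get("egress"):         # Egress is added only when egress rules exist
        types.append("Egress")
    return types

def direction_effect(spec, direction):
    """Effect of this one policy on the pods it selects, for 'Ingress' or 'Egress'."""
    if direction not in effective_policy_types(spec):
        return "not isolated"      # this policy does not restrict that direction
    rules = spec.get(direction.lower()) or []
    if not rules:
        return "deny all"          # isolated, and nothing is allowed
    peer_key = "from" if direction == "Ingress" else "to"
    # A rule with neither peers nor ports ("- {}") matches all traffic.
    if any(not r.get(peer_key) and not r.get("ports") for r in rules):
        return "allow all"
    return "allow listed"

# Constructed samples: the policy applied in the steps above, then the docs' two forms.
EDITOR_POLICY = {"podSelector": {}}
DOCS_DEFAULT_DENY = {"podSelector": {}, "policyTypes": ["Ingress"]}
DOCS_ALLOW_ALL = {"podSelector": {}, "ingress": [{}], "policyTypes": ["Ingress"]}

def summarize(spec):
    """Effect per direction for one policy spec."""
    return {d: direction_effect(spec, d) for d in ("Ingress", "Egress")}

if __name__ == "__main__":
    for name, spec in [("editor policy", EDITOR_POLICY),
                       ("docs default deny", DOCS_DEFAULT_DENY),
                       ("docs allow all", DOCS_ALLOW_ALL)]:
        print(f"{name:18} types={effective_policy_types(spec)} {summarize(spec)}")
```

The first sample evaluates to deny-all ingress, which is consistent with the `wget` timeout in step 4.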