Skip to main content
rpotru

11 months ago

networkPolicy issue

I am actually trying the example in this webpage on LinuxAcademy cloudserver. Eventhough, I have applied networkPolicy denying the all traffic, I am still getting the response back. 


I am wondering why it is not working in our lab environment. Can someone explain why?

Image of culhwch
culhwch
11 months ago
Hi  @rpotru 

I've just been playing around with NetworkPolicies lately, and I noticed a couple of differences in the way the example spec is put together, and the way the Kuberenetes Documentation has it written out. Not sure if this is the exact solution to what you are seeing, but it might be worth a shot. 

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-deny-all
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
  - Ingress

The main difference here is that we specify the "Ingress" policyType, and do not specify an 'ingress' spec section.

More documentation on this can be found here: 

https://kubernetes.io/docs/concepts/services-networking/network-policies/


Let us know if this helps. 

Image of rpotru
rpotru
10 months ago
Hi David - Thanks for the response. I am still able to access the traffic even after applying the YAML from documentation.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress

Any ideas?


Image of rpotru
rpotru
10 months ago
I setup the cluster as per CKA exam prep course (kudeadm behind the scenes). Wondering if flannel has a bug with this as NetworkingPolicies is a new feature.
kube-system            kube-flannel-ds-amd64-gdgfp                        1/1     Running   0          45m
kube-system            kube-flannel-ds-amd64-k2lj6                        1/1     Running   0          42m
kube-system            kube-flannel-ds-amd64-ngcfj                        1/1     Running   0          42m