
K8s default network policy, deny or allow?

My system contains network policies, and I have a doubt about one of them. I can't test it. I can just print out the config and 'imagine' what it does.

kubectl get networkpolicies
=>   
...
spec:
    ingress:
    - from:
      - podSelector: {}
    podSelector: {}
    policyTypes:
    - Ingress

I'm not sure if the one above denies all traffic from other namespaces, or on the contrary allows all traffic.

From https://kubernetes.io/docs/concepts/services-networking/network-policies/ chapter 'Default policies' I would say it allows all traffic, but I'm not quite sure...

The 'describe' does not really help me:

kubectl describe networkpolicies
=>
...
Spec:
  PodSelector:     <none> (Allowing the specific traffic to all pods in this namespace)
  Allowing ingress traffic:
    To Port: <any> (traffic allowed to all ports)
    From:
      PodSelector: <none>
  Not affecting egress traffic
  Policy Types: Ingress

What do you think? Thanks!

The following netpol would allow all Ingress traffic:

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-ingress
spec:
  podSelector: {}
  ingress:
  - {}
  policyTypes:
  - Ingress

This would deny all Egress & Ingress traffic:

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
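
Added example (not part of the question or the answer above): a simplified Python model of how NetworkPolicy ingress rules are evaluated, run over the three specs shown on this page. It assumes matchLabels-only selectors, no ipBlock and no ports; the namespaces "app" and "other" and the pod labels are constructed placeholders. Because a `from` entry that has only a `podSelector` is scoped to the policy's own namespace, the policy from the question admits pods in the same namespace and blocks pods from other namespaces.

```python
# Added example: simplified NetworkPolicy ingress evaluation.
# Assumptions: matchLabels only (no matchExpressions), no ipBlock, no ports.

def selects(selector, labels):
    # An empty selector ({}) matches everything.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer, policy_ns, src):
    # A `from` entry with only podSelector is scoped to the policy's namespace.
    if "namespaceSelector" in peer:
        if not selects(peer["namespaceSelector"], src["ns_labels"]):
            return False
    elif src["ns"] != policy_ns:
        return False
    return selects(peer.get("podSelector", {}), src["labels"])

def ingress_allowed(policies, dst, src):
    # policies: list of (namespace, spec) pairs.
    isolated = False
    for ns, spec in policies:
        if ns != dst["ns"] or not selects(spec.get("podSelector", {}), dst["labels"]):
            continue
        if "Ingress" not in spec.get("policyTypes", ["Ingress"]):
            continue
        isolated = True  # selected by an Ingress policy: default is now deny
        for rule in spec.get("ingress", []):
            peers = rule.get("from", [])
            # A rule without `from` (e.g. `- {}`) matches every source.
            if not peers or any(peer_matches(p, ns, src) for p in peers):
                return True
    return not isolated  # pods selected by no policy accept all ingress

def pod(ns):
    # Constructed sample pod; the names and labels are placeholders.
    return {"ns": ns, "ns_labels": {"name": ns}, "labels": {"app": "demo"}}

# The three specs shown on this page, as Python dicts.
QUESTION = {"podSelector": {}, "policyTypes": ["Ingress"],
            "ingress": [{"from": [{"podSelector": {}}]}]}
ALLOW_ALL = {"podSelector": {}, "policyTypes": ["Ingress"], "ingress": [{}]}
DENY_ALL = {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}

def verdicts(spec):
    # Policy lives in constructed namespace "app"; sources come from "app" and "other".
    policies = [("app", spec)]
    return {src: ingress_allowed(policies, pod("app"), pod(src)) for src in ("app", "other")}

if __name__ == "__main__":
    for name, spec in [("question", QUESTION), ("allow-all-ingress", ALLOW_ALL), ("default-deny-all", DENY_ALL)]:
        print(name, verdicts(spec))
```

Policies are additive, so a second policy in the same namespace can only widen what is allowed. These rules are enforced only when the cluster's network plugin implements NetworkPolicy.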
