Network policy with negation rules (NOT)

Hello team,

I am looking for a solution to problem where i need to create and apply a network policy to a pod which allows traffic from everywhere all other namespaces, IPs and pod labels except a specific (nonfriendly ) pod.

I do see there is except attribute support in ipBlock under spec.ingress but not from podSelector or nameSelector but this will not be a generic solution if pod IP changes.

I tried with something like below but it was not working:

- from:
- podSelector:
- key: “run”
operator: NotIn
values: [“nonfriendly”]

Can someone suggest if you have came across similar issue and how it was resolved.


anyone has faced similar problem?