Question: In network policies when I apply the default deny for ingress, it bloc . . .

sukdevm:
Question: In network policies, when I apply the default deny for ingress, it blocks all the incoming connections, which is expected; however, if I apply another policy in the same namespace to allow ingress port for all pods, it doesn’t allow the connection… Is there any way to prioritize the network policy similar to a firewall rule in a firewall?

sukdevm:
I have applied the below:
# Selects every pod in namespace test; with no ingress rules listed, all inbound traffic is denied
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: test
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# Allows ingress to every pod in namespace test from pods in namespaces labelled name=test
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: test
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: test

sukdevm:
@Mohamed Ayman Any suggestions?

Basavraj Nilkanthe:
@sukdevm Seems your network policy definition is not correct… You need to mention from which specific pod/namespace you want to establish a connection to pods from the test namespace… Please note network policies are additive, so it should work as long as your network definition file is correct