@Tej_Singh_Rana This rule will block the ingress traffic to pod with label app=w . . .

Deepak Ladwa:
@Tej_Singh_Rana This rule will block the ingress traffic to pod with label app=web from the default namespace or all namespaces?

kind: NetworkPolicy
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
metadata:
  name: web-deny-all
spec:
  podSelector:
    matchLabels:
      app: web
  ingress: []

Memo Toro:
As far as I remember as you have it it will be block default namespace. You are not specifying any other namespace rule and I’m guessing you will apply that network policy in the default namespace.

Deepak Ladwa:
@Memo Toro Yes, as there are no labels specified, I think it will be applied to all pods in the default NS.
Even the below rule will achieve the same I guess.

kind: NetworkPolicy
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
metadata:
  name: web-deny-all
spec:
  podSelector: {}
  ingress: []

Deepak Ladwa:
Basically I was referring to this link - https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/01-deny-all-traffic-to-an-application.md
wherein, the diagram show that the traffic is blocked for other NS also, with below rule defined. But I doubt it.

kind: NetworkPolicy
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
metadata:
  name: web-deny-all
spec:
  podSelector:
    matchLabels:
      app: web
  ingress: []

Memo Toro:
Yes, you are right, it is confusing a bit. Did you try? You could apply it and create pods in other NS and see if pods are reachable.

Deepak Ladwa:
Yeah, let me try. Thanks.

Raj:
Ingress rules will be applied only to namespace where you create them

Raj:
If you specify the namespace in ingress resource yaml file , or you switch to a namespace then create the rule there (in case NS not mentioned in yaml) then rules will be applied to the matching app in the mentioned namespace only. Already worked on it

Deepak Ladwa:
Thanks @Raj @Memo Toro