ALLOW traffic to an application from all namespaces - create deny-all ing policy

ahmetb / kubernetes-network-policy-recipes

Example recipes for Kubernetes Network Policies that you can just copy paste

Apache License 2.0

5.69k stars 1.73k forks source link

ALLOW traffic to an application from all namespaces - create deny-all ing policy #80

Closed surajssd closed 3 years ago

surajssd commented 3 years ago

In the case of "ALLOW traffic to an application from all namespaces" we need to create a deny-all-ingress policy to deny other traffic. Just creating an allow-all-traffic-from-all-ns-to-web is not enough.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
  - Ingress

boredabdel commented 3 years ago

It's already stated in the readme doc You do not need this policy unless there is already a NetworkPolicy blocking traffic to the application or a NetworkPolicy blocking non-whitelisted traffic to all pods in the namespace.

With links to a policy similar to the one you wrote here.

Closing as this is not an issue