How to write k8s NetworkPolicy to deny traffic from pod to pod?

5/7/2019

I am struggling with writing a K8s network policy to deny traffic from pod to pod; the pod must be specified by label or name.

Can someone help me?

I am not a devops/sysadmin, and I need this for integration testing. I checked the https://github.com/ahmetb/kubernetes-network-policy-recipes examples, but still can't do it.

Here is an example that allows access from only one service:

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: api-allow
spec:
  podSelector:
    matchLabels:
      app: bookstore
      role: api
  ingress:
  - from:
      - podSelector:
          matchLabels:
            app: bookstore

But I need the opposite thing: deny only from one pod.

-- Grigoriev Nick
kubernetes
kubernetes-networkpolicy
networking

1 Answer

5/7/2019

You should define two network policies, as mentioned below:

  1. Default deny all traffic
  2. Allow the traffic to a pod from other pods/namespaces

Here are some good recipes that would be helpful. Follow the link: network policy recipes

-- P Ekambaram
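
The two policies the answer describes, written so that only one pod is kept out, as an added example that is not part of the original question or answer. NetworkPolicy has no deny rules, so the allow rule uses a `NotIn` selector to admit every pod except the unwanted one. The label `app: blocked-client` and both policy names are assumptions; the `bookstore` labels come from the question's example.

```yaml
# Policy 1: default-deny ingress for every pod in the namespace.
# An empty podSelector selects all pods; with no ingress rules listed,
# nothing is allowed in until another policy permits it.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: default-deny-ingress        # assumed name
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# Policy 2: allow ingress to the api pods from any pod in the same
# namespace EXCEPT pods labelled app=blocked-client.
# NotIn also matches pods that have no "app" label at all.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: api-allow-all-but-one       # assumed name
spec:
  podSelector:
    matchLabels:
      app: bookstore
      role: api
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchExpressions:
        - key: app
          operator: NotIn
          values:
          - blocked-client          # assumed label of the pod to keep out
```

A `podSelector` in `from` matches only pods in the policy's own namespace, and policies are additive, so any other policy that admits the excluded pod re-opens the path. None of this is enforced unless the cluster's network plugin implements NetworkPolicy.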
Source: StackOverflow