Is a network policy applicable to pods of a daemonset? I have a default deny network policy for all ingress and egress for all pods. However, it does not seem to be applied for pods belonging to the daemonset.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
```
`netpol` is applicable for the pods spawned under `daemonset`. For `netpol` they are just pods like the ones deployed by deployments or `rs`.

If you do a describe of the `netpol` you provided, it says it's applicable for `namespace=default`.
```
Name:         default-deny
Namespace:    default
Created on:   2021-07-21 17:59:56 -0500 CDT
Labels:       <none>
Annotations:  <none>
Spec:
  PodSelector:     <none> (Allowing the specific traffic to all pods in this namespace)
  Allowing ingress traffic:
    <none> (Selected pods are isolated for ingress connectivity)
  Allowing egress traffic:
    <none> (Selected pods are isolated for egress connectivity)
  Policy Types: Ingress, Egress
```
and `netpol` is a namespaced resource:

```
NAME              SHORTNAMES   APIVERSION             NAMESPACED   KIND
networkpolicies   netpol       networking.k8s.io/v1   true         NetworkPolicy
```

This means your `daemonset` is created under some different namespace.
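A way to audit for the gap the answer describes, as an added example that is not part of the original question or answer: it lists DaemonSets whose namespace has no default-deny policy. The input shape assumes the `items` array of `kubectl get networkpolicy,daemonset -A -o json`; the DaemonSet names are constructed, and the `hostNetwork` flag is an extra check beyond what the answer covers.

```python
# Added example: flag DaemonSets that a namespaced default-deny policy does not cover.
# ITEMS is constructed sample data shaped like the "items" array of
# `kubectl get networkpolicy,daemonset -A -o json`; all DaemonSet names are made up.
ITEMS = [
    {"kind": "NetworkPolicy",
     "metadata": {"name": "default-deny", "namespace": "default"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"kind": "DaemonSet",
     "metadata": {"name": "web-cache", "namespace": "default"},
     "spec": {"template": {"spec": {}}}},
    {"kind": "DaemonSet",
     "metadata": {"name": "log-shipper", "namespace": "default"},
     "spec": {"template": {"spec": {"hostNetwork": True}}}},
    {"kind": "DaemonSet",
     "metadata": {"name": "node-agent", "namespace": "kube-system"},
     "spec": {"template": {"spec": {}}}},
]


def is_default_deny(policy):
    """True for a policy like the one in the question: selects every pod in its
    namespace, lists both policy types, and carries no allow rules."""
    spec = policy.get("spec", {})
    selector = spec.get("podSelector") or {}
    selects_all = not selector.get("matchLabels") and not selector.get("matchExpressions")
    both_types = {"Ingress", "Egress"} <= set(spec.get("policyTypes", []))
    return selects_all and both_types and not spec.get("ingress") and not spec.get("egress")


def uncovered_daemonsets(items):
    """Return (namespace, name, reason) for each DaemonSet the deny policy may miss."""
    denied = {i["metadata"]["namespace"] for i in items
              if i["kind"] == "NetworkPolicy" and is_default_deny(i)}
    findings = []
    for i in items:
        if i["kind"] != "DaemonSet":
            continue
        ns, name = i["metadata"]["namespace"], i["metadata"]["name"]
        pod_spec = i["spec"]["template"]["spec"]
        if ns not in denied:
            findings.append((ns, name, "no default-deny NetworkPolicy in this namespace"))
        elif pod_spec.get("hostNetwork"):
            # Kubernetes documents NetworkPolicy behaviour for hostNetwork pods as undefined.
            findings.append((ns, name, "hostNetwork pod; enforcement depends on the CNI plugin"))
    return findings


if __name__ == "__main__":
    for ns, name, reason in uncovered_daemonsets(ITEMS):
        print(f"{ns}/{name}: {reason}")
```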