I hope you're all doing well and being safe.
I have two pods A and B in two different namespaces.
I want pod A in namespace-a to have access to every pod in other namespaces, so I've deployed this NetPol from the Kubernetes documentation:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  # Resource names must be valid DNS subdomain names, so no underscore.
  name: allow-egress
  namespace: namespace-a
spec:
  podSelector:
    matchLabels:
      app: a
  egress:
  - to:
    - namespaceSelector: {}
  policyTypes:
  - Egress
```
Now for pod B, the wish is to have it receive traffic only from the namespace in which it is deployed, and so I used this from the same documentation:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-ingress
  namespace: namespace-b
spec:
  podSelector:
    matchLabels:
      app: b
  ingress:
  - from:
    - podSelector: {}
  policyTypes:
  - Ingress
```
Using this configuration, I can still access the service exposing pod B from pod A, even though I have specified in the second NetworkPolicy that pod B should only be accepting traffic from other pods in the same namespace.
Bear in mind that I am trying to simulate two teams that do not know about each other's developments, so the team working in pod B doesn't know what's written by the team in pod A. Is there something I am missing?
Thank you!
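
The expected outcome of the two policies above, as an added example that is not part of the original post: a small Python model of NetworkPolicy peer matching, with both manifests transcribed as dicts and a constructed third pod `c` in namespace-b. It models only `matchLabels` selectors, ignores ports and `ipBlock`, and states what a plugin that enforces NetworkPolicy should decide, not what this cluster did.

```python
# Constructed model of NetworkPolicy evaluation; assumptions are noted inline.
def labels_match(selector, labels):
    """An empty selector {} matches everything; only matchLabels is modelled."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer, policy_ns, other):
    """A peer with only podSelector is confined to the policy's own namespace."""
    if "namespaceSelector" in peer:
        if not labels_match(peer["namespaceSelector"], other["ns_labels"]):
            return False
    elif other["namespace"] != policy_ns:
        return False
    return labels_match(peer.get("podSelector", {}), other["labels"])

def allowed(policies, direction, pod, other):
    """direction is 'Ingress' or 'Egress'; pod is the side the policies select."""
    key, peers_key = ("ingress", "from") if direction == "Ingress" else ("egress", "to")
    selecting = [p for p in policies
                 if p["namespace"] == pod["namespace"]
                 and direction in p["policyTypes"]
                 and labels_match(p["podSelector"], pod["labels"])]
    if not selecting:
        return True  # no policy selects the pod: not isolated in this direction
    for p in selecting:
        for rule in p.get(key, []):
            peers = rule.get(peers_key)
            if not peers or any(peer_matches(x, p["namespace"], other) for x in peers):
                return True
    return False

def connection_allowed(policies, src, dst):
    """Traffic flows only if src's egress and dst's ingress both permit it."""
    return allowed(policies, "Egress", src, dst) and allowed(policies, "Ingress", dst, src)

# The two manifests from the post, reduced to the fields that decide matching.
POLICIES = [
    {"namespace": "namespace-a", "podSelector": {"matchLabels": {"app": "a"}},
     "policyTypes": ["Egress"], "egress": [{"to": [{"namespaceSelector": {}}]}]},
    {"namespace": "namespace-b", "podSelector": {"matchLabels": {"app": "b"}},
     "policyTypes": ["Ingress"], "ingress": [{"from": [{"podSelector": {}}]}]},
]
POD_A = {"namespace": "namespace-a", "labels": {"app": "a"}, "ns_labels": {}}
POD_B = {"namespace": "namespace-b", "labels": {"app": "b"}, "ns_labels": {}}
# Constructed neighbour in namespace-b, not a pod from the post.
POD_C = {"namespace": "namespace-b", "labels": {"app": "c"}, "ns_labels": {}}
```

Under these semantics A to B is denied by the ingress policy and C to B is allowed. Kubernetes applies NetworkPolicy objects only when the cluster's network plugin implements them, so comparing this expected result with the observed one is a first check.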