I started minikube with this command:
minikube start --network-plugin=cni --cni=calico
and I created an nginx pod in the default namespace with this file:
apiVersion: v1
kind: Pod
metadata:
  name: web
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: nginx
    ports:
    - containerPort: 80
      protocol: TCP
and I created a pod in the qa namespace to curl the nginx in the default namespace with this file:
apiVersion: v1
kind: Pod
metadata:
  name: curl-pod
spec:
  containers:
  - name: curlpod
    image: radial/busyboxplus:curl
    command:
    - sh
    - -c
    - while true; do sleep 1; done
When I curl it, it works well.
After that I need to deny ingress traffic to the nginx pod in my default namespace, so I applied this NetworkPolicy:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
  - Ingress
but this does not do anything: when I curl from the pod in the qa namespace it returns response 200 OK,
and I don't know how I can fix that. Can anyone help me?
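Added example, not part of the question or of the answer below: a simplified Python model of how an enforcing CNI plugin evaluates ingress NetworkPolicy, built from the pods and the policy in the question. It shows that `default-deny-ingress` as written does isolate `web` from `curl-pod`, so a 200 response points at enforcement (the CNI plugin) and not at the policy itself. `Pod`, `Policy`, `ingress_allowed`, the `cni_enforces` flag and the `allow-from-qa` policy are hypothetical names, and namespace peers are matched by namespace name instead of by label selector.

```python
from dataclasses import dataclass, field

@dataclass
class Pod:
    name: str
    namespace: str
    labels: dict = field(default_factory=dict)

@dataclass
class Policy:
    name: str
    namespace: str
    pod_selector: dict                 # matchLabels; {} selects every pod in the namespace
    policy_types: list
    ingress: list = field(default_factory=list)  # rules; each rule is a list of peers

def selects(selector, labels):
    """An empty selector matches everything, as in Kubernetes."""
    return all(labels.get(k) == v for k, v in selector.items())

def ingress_allowed(src, dst, policies, cni_enforces=True):
    if not cni_enforces:
        return True   # API server stores the object, but nothing programs the data plane
    applicable = [p for p in policies
                  if p.namespace == dst.namespace          # policies are namespaced
                  and "Ingress" in p.policy_types
                  and selects(p.pod_selector, dst.labels)]
    if not applicable:
        return True   # no policy selects dst: it is not isolated for ingress
    for p in applicable:                                   # policies are additive
        for rule in p.ingress:
            if not rule:
                return True                                # rule without "from": any source
            for peer in rule:
                ns = peer.get("namespace", p.namespace)    # pod-only peer: policy's namespace
                if ns == src.namespace and selects(peer.get("labels", {}), src.labels):
                    return True
    return False      # isolated and no rule admits src

# Constructed from the manifests in the question.
web = Pod("web", "default")
curl_pod = Pod("curl-pod", "qa")
deny = Policy("default-deny-ingress", "default", {}, ["Ingress"])
allow_qa = Policy("allow-from-qa", "default", {}, ["Ingress"], [[{"namespace": "qa"}]])  # hypothetical

if __name__ == "__main__":
    print("enforced:", ingress_allowed(curl_pod, web, [deny]))
    print("not enforced:", ingress_allowed(curl_pod, web, [deny], cni_enforces=False))
    print("with allow rule:", ingress_allowed(curl_pod, web, [deny, allow_qa]))
```

The model covers ingress only; egress rules, `ipBlock` peers and port matching are left out.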
Can you try changing your minikube start command to this:
Then verify that Calico is installed and running:
If you want a global default deny (all namespaces) try this:
If you want it namespaced to your default ns, try this: