I am trying to implement some Calico-based Kubernetes Network Policies. I have already set up Calico in my cluster and all the Calico pods are running fine.
In my cluster, there are two pods:
1. An Nginx pod
2. An Apache pod
My requirement is that I need to add a NetworkPolicy for controlling the network traffic of the Nginx pod. I want the egress traffic from the Nginx pod to the Apache pod to be blocked. However, I still want to be able to ping 8.8.8.8 from the Nginx pod.
So in short, I want to block only the traffic to the Apache pod from the Nginx pod.
My YAML file is as follows:
calico-deny-range-policy.yaml

```yaml
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: deny-egress-external
  namespace: nginx
spec:
  selector: app == 'nginx'
  types:
  - Egress
  egress:
  - action: Deny
    protocol: TCP
    source:
      nets:
      - 192.168.163.0/25
    destination:
      nets:
      - 192.168.163.204/32
      notNets:
      - 8.8.8.8/32
```
But the problem is that the Nginx pod is getting a 'Deny All' effect. I am unable to ping any IPs from the Nginx pod. The whole traffic is getting blocked.
How can I customize the egress and ingress traffic according to my need? Any working examples for the above requirement are appreciated.
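A Calico policy that matches the requirement stated above, added here as an example and not part of the original question. The reason the posted policy behaves like "Deny All" is Calico's evaluation model: as soon as an endpoint is selected by any policy whose `types` include `Egress`, egress for that endpoint is denied by default unless some rule explicitly allows it. The single `Deny` rule in the posted YAML only matches TCP to 192.168.163.204, so it is not what blocks the ICMP ping to 8.8.8.8; the implicit default deny is. The fix is to deny the Apache destination first and then allow all remaining egress. This example assumes the Apache pod carries the label `app: apache` and runs in the same `nginx` namespace (both assumptions; the original does not state the Apache pod's labels or namespace).

```yaml
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: deny-egress-to-apache
  namespace: nginx
spec:
  # Applies only to the Nginx pod(s); ingress is untouched because
  # only Egress is listed under types.
  selector: app == 'nginx'
  types:
  - Egress
  egress:
  # Calico evaluates rules in order and the first match wins.
  # Rule 1: drop everything (TCP, UDP, ICMP, ...) from Nginx to Apache.
  # 'app == apache' is an assumed label on the Apache pod; with no
  # namespaceSelector it matches pods in this policy's namespace only.
  - action: Deny
    destination:
      selector: app == 'apache'
  # Rule 2: explicitly allow all other egress (ping to 8.8.8.8, DNS, etc.).
  # Without this rule Calico's default-deny for selected endpoints
  # silently drops every remaining packet, which is the effect observed.
  - action: Allow
```

Apply it with `calicoctl apply -f deny-egress-to-apache.yaml` (the `projectcalico.org/v3` API is handled by calicoctl, not plain `kubectl`, unless the Calico API server is installed). Verify with `kubectl exec -n nginx <nginx-pod> -- ping -c 3 8.8.8.8`, which should succeed, and a `curl` from the Nginx pod to the Apache pod's IP or Service, which should time out. Selecting the destination by label is preferable to the `nets: [192.168.163.204/32]` form in the original because pod IPs change on every reschedule. If the Apache pod lives in another namespace, add a `namespaceSelector` next to `selector` under `destination`.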