I have a cluster on Google Kubernetes Engine. It has Network Policies enabled using Calico.
Until now I have written 12 Network Policies in the form of YAML files.
One thing I can't seem to figure out is whether the order in which these network policies are created matters.
For example, let's say I have these two policies:
Pol#1 - Deny all ingress connections:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all-ingress
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress

Pol#2 - Allow db to be accessed by backend:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-db-to-be-accessed-by-backend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: mysql
      release: production
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: backend
          release: production
    ports:
    - protocol: TCP
      port: 3306

Do I get different results if I apply Pol#1, then Pol#2 compared to applying Pol#2 first, and then Pol#1?
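
Added example (not part of the original question): a simplified Python model of the documented Kubernetes behaviour that NetworkPolicies are additive, evaluated over the two policies above in both orders. The pod labels, connection attempts and function names are constructed for illustration; it assumes every pod is in the `default` namespace and models only the rule shapes used in these two policies.

```python
from itertools import permutations

# The two policies from the question as dicts (both have policyTypes: [Ingress]).
DENY_ALL = {"name": "deny-all-ingress", "podSelector": {}, "ingress": []}
ALLOW_DB = {
    "name": "allow-db-to-be-accessed-by-backend",
    "podSelector": {"app": "mysql", "release": "production"},
    "ingress": [{
        "from": [{"app": "backend", "release": "production"}],
        "ports": [("TCP", 3306)],
    }],
}

def selects(match_labels, pod_labels):
    """An empty selector matches every pod; otherwise every label must match."""
    return all(pod_labels.get(k) == v for k, v in match_labels.items())

def ingress_allowed(policies, src, dst, proto, port):
    """Union-of-allows evaluation: no priority, no first-match, no ordering."""
    applying = [p for p in policies if selects(p["podSelector"], dst)]
    if not applying:      # no policy selects the pod, so it is not isolated
        return True
    for p in applying:    # isolated: a single matching rule in any policy allows
        for rule in p["ingress"]:
            if (any(selects(s, src) for s in rule["from"])
                    and (proto, port) in rule["ports"]):
                return True
    return False

# Constructed sample pods and connection attempts (not from the question).
BACKEND = {"app": "backend", "release": "production"}
FRONTEND = {"app": "frontend", "release": "production"}
MYSQL = {"app": "mysql", "release": "production"}
CASES = [(BACKEND, MYSQL, "TCP", 3306), (FRONTEND, MYSQL, "TCP", 3306),
         (BACKEND, MYSQL, "TCP", 22), (MYSQL, BACKEND, "TCP", 8080)]

def verdicts(policies):
    """Allow/deny result for each constructed case under the given policy list."""
    return [ingress_allowed(policies, *c) for c in CASES]

def order_independent():
    """True if Pol#1-then-Pol#2 and Pol#2-then-Pol#1 give identical verdicts."""
    results = {tuple(verdicts(list(o))) for o in permutations([DENY_ALL, ALLOW_DB])}
    return len(results) == 1

if __name__ == "__main__":
    print(verdicts([DENY_ALL, ALLOW_DB]), order_independent())
```

Only the set of policies present changes the verdicts: with Pol#2 alone, the mysql pod is restricted but the backend pod still accepts all ingress.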