I am new to configuring network policies in k8s. I have to make a change in production which I can't test. Basically, we need to block all UDP traffic going to the pods in a specific namespace. Would the below work?

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all-udp
  namespace: foxden-loadtest
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
    ports:
    - protocol: UDP
```
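
Try this example:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  # Object names must be valid DNS subdomain names, so no spaces.
  name: ingress-allow-tcp-only
spec:
  # An empty podSelector selects every pod in the policy's namespace.
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  # Single allow rule: TCP on port 80, from any source.
  - ports:
    - port: 80
      protocol: TCP
```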

All other traffic will get blocked. Only TCP will work.

policyTypes: ["Ingress"] indicates that this policy enforces policies for the ingress traffic.

ingress: [] is an empty rule set that does not whitelist any traffic, therefore all ingress traffic is blocked.
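
A simplified model of how the ingress rules discussed in this thread are evaluated, added here as an example and not code from any of the posts. It covers only protocol and numeric port (no `from` peers, named ports or `endPort`), assumes every spec selects the pod in question, and the `UDP_ONLY` and `TCP_ANY` specs are constructed for comparison.

```python
# Added example: simplified NetworkPolicy ingress evaluation (protocol/port only).
# Assumption: every spec below uses podSelector: {} and so selects the target pod.

def rule_allows(rule, protocol, port):
    """Return True if one ingress rule matches the given protocol and port."""
    ports = rule.get("ports")
    if not ports:
        return True  # a rule without 'ports' matches every protocol and port
    for entry in ports:
        if entry.get("protocol", "TCP") != protocol:  # protocol defaults to TCP
            continue
        if "port" not in entry or entry["port"] == port:
            return True  # an entry without 'port' matches all ports of that protocol
    return False

def ingress_allowed(policies, protocol, port):
    """Policies are additive allow-lists; with none applied, the pod is not isolated."""
    isolating = [p for p in policies if "Ingress" in p.get("policyTypes", ["Ingress"])]
    if not isolating:
        return True
    return any(rule_allows(rule, protocol, port)
               for p in isolating for rule in p.get("ingress", []))

# Constructed: a 'protocol: UDP' ports entry placed in a valid rule list item.
UDP_ONLY = {"policyTypes": ["Ingress"], "ingress": [{"ports": [{"protocol": "UDP"}]}]}
# The answer's policy: TCP port 80 only.
TCP_80 = {"policyTypes": ["Ingress"],
          "ingress": [{"ports": [{"port": 80, "protocol": "TCP"}]}]}
# The empty rule set quoted in the thread: nothing is allowed.
DENY_ALL = {"policyTypes": ["Ingress"], "ingress": []}
# Constructed: allow TCP on every port, which leaves UDP without a matching rule.
TCP_ANY = {"policyTypes": ["Ingress"], "ingress": [{"ports": [{"protocol": "TCP"}]}]}

def report(policies):
    """Verdicts for a few constructed probes: (protocol, port) -> allowed."""
    probes = [("TCP", 80), ("TCP", 443), ("UDP", 53)]
    return {probe: ingress_allowed(policies, *probe) for probe in probes}

if __name__ == "__main__":
    for name, spec in [("UDP_ONLY", UDP_ONLY), ("TCP_80", TCP_80),
                       ("DENY_ALL", DENY_ALL), ("TCP_ANY", TCP_ANY)]:
        print(name, report([spec]))
```

Because rules only ever allow traffic, a rule naming UDP admits UDP rather than blocking it; UDP is dropped only when the pod is isolated and no rule matches it.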