I'm using minikube and created the following resources
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: prod #A
name: block-other-namespace
spec:
podSelector: {} #B
ingress:
- from:
- podSelector: {} #C
Which I can see is applied as shown in the below screenshot
To test that prod namespace is isolated from qa namespace when I CURL from curlpod of qa namespace to web pod of prod namespace, it returns the default nginx webpage which it shouldn't due to NetWork policy. Please help me find why Network policy is not blocking request from qa namespace.
Screenshot of getting IP of web pod in prod namespace and CURL request from curlpod of qa namespace to web pod in prod namespace are as follows:
The reason why Netowrk Policy was not working on minikube is as mentioned here:
"A vanilla minikube installation ( minikube start ) does not support any NetworkPolicies, since the default CNI, Kindnet, does not support Network Policies, by design. However, minikube can support NetworkPolicies if a supported CNI, such as Calico, is installed."