1
votes

I am setting up my default namespace in my kubernetes cluster to allow incoming traffic from external nodes/hosts but deny any possible inter-pod communication. I have 2 nginx pods which I want to completely isolate inside the cluster. Both pods are exposed with a service of type NodePort and they are accessible from outside.

I first apply the following default deny network policy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress

Then, I try allowing external traffic with the following network policy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-external
spec:
  podSelector: {}
  ingress:
    - from:
        - ipBlock:
            cidr: 192.168.0.0/16

But unfortunately I am not able to access the service either from outside or from inside my cluster.

Running example in:

- macOS High Sierra v10.13.6
- minikube v1.5.2 (with network plugin = cilium)
- kubectl v1.16.2

How could I approach this problem?

Comments:

Patrick W: Your cluster should include a pod CIDR. You can explicitly block the pod CIDR and allow all others.

Javier Errea: I have tried to look for my pod CIDR with the command kubectl cluster-info dump | grep -i cidr and the outcome was the following: "clusterCIDR not specified, unable to distinguish between internal and external traffic". Then I had a look at the file located at ~/.minikube/profiles/minikube/config.json and this was the output: "MachineConfig": { ... }, "KubernetesConfig": { ... "NetworkPlugin": "cni", "FeatureGates": "", "ServiceCIDR": "10.96.0.0/12", "ExtraOptions": null

Mariusz K.: Are you setting the CNI flag when launching minikube?

1 Answer

1
votes

If you want to allow any incoming traffic to any pod except traffic that originates from your cluster, you can use the "except" notation in a rule that allows traffic from all IPs. In the policy below, replace 172.17.1.0/24 with the CIDR containing your pods:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all-internal
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
        except:
        - 172.17.1.0/24
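To see how the three policies on this page combine, here is an added example (not code from the question, the answer, or Kubernetes itself) that re-implements the ingress ipBlock semantics of NetworkPolicy and evaluates sample source addresses against the question's default-deny plus allow-external pair and against the answer's except-based policy. It assumes what the page shows: every policy has an empty podSelector and so selects every pod in the namespace, and only ipBlock peers are used (podSelector/namespaceSelector peers are not modelled). The policies are embedded as the dicts PyYAML would produce, and the sample source IPs (192.168.99.1, 172.17.1.9, 172.17.2.9, 203.0.113.7) are constructed for the demonstration.

```python
"""
Evaluate which source IPs a set of Kubernetes NetworkPolicies admits to a pod.

Added example, not Kubernetes code: it re-implements the ingress ipBlock
semantics so the three policies on this page can be compared offline.
Assumptions: every policy has an empty podSelector (as on this page), so it
selects every pod in the namespace; only ipBlock peers are evaluated,
podSelector/namespaceSelector peers are not modelled.
"""
import ipaddress

# Constructed input: the three policies from this page as the dicts PyYAML
# would produce, embedded inline so the example runs without a cluster.
DEFAULT_DENY = {
    "metadata": {"name": "default-deny"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},
}
ALLOW_EXTERNAL = {
    "metadata": {"name": "allow-external"},
    "spec": {
        "podSelector": {},
        "ingress": [{"from": [{"ipBlock": {"cidr": "192.168.0.0/16"}}]}],
    },
}
DENY_ALL_INTERNAL = {
    "metadata": {"name": "deny-all-internal"},
    "spec": {
        "podSelector": {},
        "policyTypes": ["Ingress"],
        "ingress": [{"from": [{"ipBlock": {"cidr": "0.0.0.0/0",
                                           "except": ["172.17.1.0/24"]}}]}],
    },
}


def policy_types(policy):
    """policyTypes as Kubernetes defaults it: the explicit list if given,
    otherwise Ingress, plus Egress only when an egress section is present."""
    spec = policy["spec"]
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    types = {"Ingress"}
    if "egress" in spec:
        types.add("Egress")
    return types


def ip_block_matches(block, src):
    """ipBlock semantics: inside cidr and not inside any except entry."""
    if src not in ipaddress.ip_network(block["cidr"], strict=False):
        return False
    return not any(src in ipaddress.ip_network(exc, strict=False)
                   for exc in block.get("except", []))


def rule_allows(rule, src):
    """A rule with no 'from' peers admits every source; otherwise any
    matching ipBlock peer admits it."""
    peers = rule.get("from")
    if not peers:
        return True
    return any("ipBlock" in peer and ip_block_matches(peer["ipBlock"], src)
               for peer in peers)


def ingress_allowed(policies, src_ip):
    """True if ingress from src_ip reaches a pod selected by these policies.
    Policies are additive: a pod becomes isolated as soon as one Ingress
    policy selects it, after which a connection needs at least one rule,
    in any of the policies, that admits the source."""
    src = ipaddress.ip_address(src_ip)
    ingress_policies = [p for p in policies if "Ingress" in policy_types(p)]
    if not ingress_policies:
        return True  # no policy selects the pod: it is not isolated
    return any(rule_allows(rule, src)
               for p in ingress_policies
               for rule in p["spec"].get("ingress", []))


def verdicts(policies, sources):
    """Map each source IP to its allow/deny verdict under the policies."""
    return {ip: ingress_allowed(policies, ip) for ip in sources}


if __name__ == "__main__":
    # Constructed sample sources: an address in the question's 192.168/16
    # block, a hypothetical pod IP in the answer's 172.17.1.0/24, a pod-like
    # address just outside that /24, and a public address.
    samples = ["192.168.99.1", "172.17.1.9", "172.17.2.9", "203.0.113.7"]
    for name, pols in [("default-deny only", [DEFAULT_DENY]),
                       ("default-deny + allow-external",
                        [DEFAULT_DENY, ALLOW_EXTERNAL]),
                       ("deny-all-internal", [DENY_ALL_INTERNAL])]:
        print(name, verdicts(pols, samples))
```

Two things the evaluation makes visible. First, the question's pair of policies is not wrong as YAML: default-deny isolates every pod and allow-external then admits only 192.168.0.0/16, so whether a client gets through depends entirely on which source address the pod actually sees. For a NodePort Service, kube-proxy source-NATs external traffic to a node address unless the Service sets externalTrafficPolicy: Local, so the address to test against the cidr and except entries is the post-NAT one, not the client's. Second, the answer's except list only works if the value you put there is the real pod CIDR of the cluster; the API requires each except entry to fall inside the enclosing cidr, which 0.0.0.0/0 trivially satisfies, so a wrong CIDR is accepted silently and simply fails to block pod-to-pod traffic.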