GlobalNetworkPolicy exclude default namespace

bruun · November 25, 2020, 7:16pm

It’s a copy of the code posted on this link (only added the default namespace to not {}): https://docs.projectcalico.org/security/kubernetes-default-deny

apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: deny-app-policy
spec:
  namespaceSelector: has(projectcalico.org/name) && projectcalico.org/name not in {"kube-system", "calico-system", "default"}
  types:
  - Ingress
  - Egress
  egress:
  # allow all namespaces to communicate to DNS pods
  - action: Allow
    protocol: UDP
    destination:
      selector: 'k8s-app == "kube-dns"'
      ports:
      - 53

Topic		Replies	Views
How to allow namespace to kube api server Open Source Calico Help	2	428	May 31, 2022
What is the difference between GlobalNetworkPolicy and GlobalNetworkset in Calico? EKS-AKS-GKE-IKS	3	780	August 17, 2021
Trying to understand network policies for host network <-> pod network Networking	18	3976	July 18, 2022
Wrong bahiving order or missunderstanding with globalNetworkPolicy Kubernetes	1	436	December 14, 2022
AKS -Action Log EKS-AKS-GKE-IKS aks	4	1537	December 23, 2020

GlobalNetworkPolicy exclude default namespace

Related Topics