Hi all,
I gone through the official documentation of Calico policy and I have come across the below table. When both Ingress and Egress rule is set as “NO” why the value taken as “Ingress”?
Can anyone please explain the logic behind this.
Ingress rule present?
Egress rule present?
Value
No
No
Ingress
Yes
No
Ingress
No
Yes
Egress
Yes
Yes
Ingress, Egress
lwr20
September 3, 2021, 9:01am
2
The intent here is to match kubernetes network policy behaviour.
For example, the “enable isolation” policy in the kubernetes basic policy demo: Kubernetes policy, basic tutorial is:
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: default-deny
namespace: policy-demo
spec:
podSelector:
matchLabels: {}
EOF
And the effect of that is to block all ingress traffic to all pods in the policy-demo namespace.
It would be confusing if a similar Calico network policy didn’t result in the same behaviour.