Why GlobalNetworkPolicy was not applied?

Open Source Calico Help Networking
#1

In my case, I would like to block traffic of specific source cidrs and dest ports. But there are no iptables rules applied.

apiVersion: crd.projectcalico.org/v1
kind: GlobalNetworkPolicy
metadata:
name: allow-tcp-22-1
spec:
selector: kubernetes.io/hostname == “172.31.4.89”
#selector: all()
preDNAT: true
applyOnForward: true
types:

  • Ingress
    ingress:
  • action: Allow
    metadata:
    annotations:
    from: vpc
    protocol: TCP
    source:
    nets:
    • “172.20.32.101/32”
    • “1.1.1.0/24”
    • “2.2.2.0/24”
      destination:
      ports:
    • 80
  • action: Deny
    metadata:
    annotations:
    from: vpc
    protocol: TCP
    source:
    nets:
    • “172.20.32.101/32”
    • “1.1.1.0/24”
    • “2.2.2.0/24”
      destination:
      ports:
    • 22
  • action: Deny
    metadata:
    annotations:
    from: vpc
    protocol: TCP
    source:
    nets:
    • “172.20.32.101/32”
    • “1.1.1.0/24”
    • “2.2.2.0/24”
#2

Hello @bigclouds, are you a part of the Calico Users Slack? There are many Open Source Users having conversations and mind sharing around similar topics which could be helpful for you as well. Please join here.

#3

Perhaps start with some of the tutorials in Get started with policy ?

This material is also covered in the free Calico Certification course: Certified Calico Operator: Level 1 | Tigera

#4

I have started watching your suggested tutorials. I am learning a lot of useful tricks but still, there are plenty of questions in my mind that I like to get answered.