Selective Pod-to-Pod Communication Using NetworkPolicies Under Default-Deny
Scenario
Two Pods are running in netpol-demo1: frontend (app=frontend) and backend (app=backend), both exposed on port 80.
All traffic is blocked by default; only DNS (port 53) is allowed. Your goal is to let frontend reach backend on port 80.
Task
Create two NetworkPolicies in the netpol-demo1 namespace:
1. allow-frontend-egress — targets frontend Pods (app=frontend). Allows outgoing traffic to backend Pods (app=backend) on TCP port 80.
2. allow-frontend — targets backend Pods (app=backend). Allows incoming traffic from frontend Pods (app=frontend) on TCP port 80.
# Verify that frontend can reach backend on port 80
kubectl exec -n netpol-demo1 frontend -- wget -qO- http://backend.netpol-demo1:80
Do not modify or delete default-deny-all.
Hint
Use policyTypes: [Egress] for the frontend policy and policyTypes: [Ingress] for the backend policy.
See: Network Policies
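One pair of manifests that satisfies the task, given as an added example and not the lab's own reference solution. It assumes only the policy names, labels, namespace and port stated above.

```yaml
# Added example. NetworkPolicies are additive: these two rules are unioned
# with default-deny-all, which stays in place untouched.
# Policy 1: lets frontend Pods send traffic to backend Pods on TCP 80.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-egress
  namespace: netpol-demo1
spec:
  podSelector:
    matchLabels:
      app: frontend        # the Pods this policy applies to
  policyTypes:
    - Egress
  egress:
    - to:
        # A podSelector with no namespaceSelector matches Pods in the
        # policy's own namespace only.
        - podSelector:
            matchLabels:
              app: backend
      ports:
        - protocol: TCP
          port: 80
---
# Policy 2: lets backend Pods accept traffic from frontend Pods on TCP 80.
# Both directions are needed: under default-deny, egress from the source
# and ingress to the destination must each be allowed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: netpol-demo1
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 80
```

The verification command resolves backend.netpol-demo1 by name, which works because DNS (port 53) is already allowed in this scenario.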