Skip to content

Commit

Permalink
Update the example of ACNP for zero-trust (#3108)
Browse files Browse the repository at this point in the history 
It doesn't make sense that the ACNP for zero-trust denies traffic
from/to Pods but allows external addresses.

Signed-off-by: Quan Tian <qtian@vmware.com>
  • Loading branch information
@tnqn
tnqn committed Dec 14, 2021
1 parent c406cca commit a5114e7
Showing 1 changed file with 1 addition and 5 deletions.
6 changes: 1 addition & 5 deletions docs/antrea-network-policy.md
View file
Expand Up @@ -318,7 +318,7 @@ spec:
enableLogging: false
- action: Drop
from:
- namespaceSelector: {} # Drop from Pods from other all Namespaces
- namespaceSelector: {} # Drop from Pods from all other Namespaces
name: DropFromAllOtherNS
enableLogging: true
egress:
Expand Down Expand Up @@ -349,12 +349,8 @@ spec:
- namespaceSelector: {} # Selects all Namespaces in the cluster
ingress:
- action: Drop
from:
- namespaceSelector: {}
egress:
- action: Drop
to:
- namespaceSelector: {}
```

#### ACNP for toServices rule
Expand Down

0 comments on commit a5114e7

Please sign in to comment.