funtyper

Reputation: 213

In Minikube with multiple namespaces, why is NetworkPolicy not working?

I'm using minikube and created the following resources

  1. Two namespaces qa and prod
  2. Created curlpod in qa namespace, also curlpod and web pod in prod namespace. Curl pods can be used to CURL any URL whereas web pod has nginx serving default web page.
  3. Created following NetworkPolicy and applied it on prod namespace.
    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      namespace: prod                         #A
      name: block-other-namespace
    spec:
      podSelector: {}                              #B
      ingress:
      - from:
        - podSelector: {}                 #C

Which I can see is applied, as shown in the screenshot below.

To test that the prod namespace is isolated from the qa namespace, when I curl from the curlpod of the qa namespace to the web pod of the prod namespace, it returns the default nginx webpage, which it shouldn't due to the network policy. Please help me find why the network policy is not blocking requests from the qa namespace.

Screenshot of getting IP of web pod in prod namespace and CURL request from curlpod of qa namespace to web pod in prod namespace are as follows:


Upvotes: -1

Views: 960

Answers (3)

asifaftab87

Reputation: 1443

In my case I started minikube with the command below:

    minikube start --cni calico

and my network policy started working as expected. I did not install anything extra here; I just started minikube with the above command.

Upvotes: 0

kartik

Reputation: 359

I ran into the same issue on a minikube single-node cluster. As the document suggested here, I enabled Calico on a minikube cluster, but had no luck.

Finally, I found the reason after going through the network policy document carefully: point #3, IP blocks (exception: traffic to and from the node where a Pod is running is always allowed, regardless of the IP address of the Pod or the node), as mentioned here.

What I did to test Netpol:

  1. minikube start -p <CLUSTER_NAME> --cni calico : this will create a 3-node cluster
  2. Label nodes to make sure pods are scheduled on separate nodes:
     a. kubectl label nodes node-m02 app=nginx
     b. kubectl label nodes node-m03 app=busybox
  3. Configure the network policies and create pods according to the labels for testing.
  4. Succeeded

Upvotes: 1

funtyper

Reputation: 213

The reason why the network policy was not working on minikube is as mentioned here:

"A vanilla minikube installation ( minikube start ) does not support any NetworkPolicies, since the default CNI, Kindnet, does not support Network Policies, by design. However, minikube can support NetworkPolicies if a supported CNI, such as Calico, is installed."

Upvotes: 1
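
The policy from the question, run through a minimal model of NetworkPolicy ingress semantics, to show what it should do when the CNI enforces it and what happens when the CNI ignores it. This is an added example, not code from any of the posts above; the evaluator, the pod labels, the namespace labels and the `enforcing` flag are constructed for illustration, and ports and ipBlock peers are not modelled.

```python
# Minimal model of NetworkPolicy ingress evaluation (illustrative only;
# ports and ipBlock peers are not modelled). Sample pods are constructed.
def selects(selector, labels):
    """matchLabels-only label selector; an empty selector {} selects everything."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer, policy_ns, src, ns_labels):
    """A `from` peer with only podSelector is scoped to the policy's own namespace."""
    if "namespaceSelector" in peer:
        if not selects(peer["namespaceSelector"], ns_labels.get(src["namespace"], {})):
            return False
    elif src["namespace"] != policy_ns:
        return False
    return selects(peer.get("podSelector", {}), src["labels"])

def ingress_allowed(policies, src, dst, ns_labels, enforcing=True):
    """True if src -> dst is admitted. enforcing=False models a CNI that
    does not implement NetworkPolicy: objects are stored but never applied."""
    if not enforcing:
        return True
    applicable = [p for p in policies
                  if p["metadata"]["namespace"] == dst["namespace"]
                  and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                  and selects(p["spec"].get("podSelector", {}), dst["labels"])]
    if not applicable:
        return True  # no policy selects the pod, so it is not isolated
    for p in applicable:
        for rule in p["spec"].get("ingress", []):
            peers = rule.get("from")
            if not peers or any(peer_matches(x, p["metadata"]["namespace"], src, ns_labels)
                                for x in peers):
                return True
    return False

# The policy from the question; pod and namespace labels are constructed.
POLICY = {"metadata": {"namespace": "prod", "name": "block-other-namespace"},
          "spec": {"podSelector": {}, "ingress": [{"from": [{"podSelector": {}}]}]}}
NS_LABELS = {"qa": {"kubernetes.io/metadata.name": "qa"},
             "prod": {"kubernetes.io/metadata.name": "prod"}}
WEB = {"namespace": "prod", "labels": {"run": "web"}}
QA_CURL = {"namespace": "qa", "labels": {"run": "curlpod"}}
PROD_CURL = {"namespace": "prod", "labels": {"run": "curlpod"}}

if __name__ == "__main__":
    print("qa -> prod/web, enforcing CNI:    ", ingress_allowed([POLICY], QA_CURL, WEB, NS_LABELS))
    print("prod -> prod/web, enforcing CNI:  ", ingress_allowed([POLICY], PROD_CURL, WEB, NS_LABELS))
    print("qa -> prod/web, non-enforcing CNI:", ingress_allowed([POLICY], QA_CURL, WEB, NS_LABELS, enforcing=False))
```

The third case is the one the question describes: the policy object exists and is listed, yet the request from qa succeeds because nothing enforces it.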
