Kubernetes NetworkPolicy allow loadbalancer

时光取名叫无心 2021-01-03 02:08

I have a Kubernetes cluster running on Google Kubernetes Engine (GKE) with network policy support enabled. I created an nginx deployment and load balancer for it:

         


        
2 answers
  •  谎友^ (original poster)
    2021-01-03 02:50

    I talked about this in my Network Policy recipes repository.

    "Allowing EXTERNAL load balancers while DENYING local traffic" is not a use case that makes sense, therefore it's not possible using network policy.

    For Service type=LoadBalancer and Ingress resources to work, you must allow ALL traffic to the pods selected by these resources.

    If you REALLY want, you can use the from.ipBlock.cidr and from.ipBlock.cidr.except resources to allow traffic from 0.0.0.0/0 (all IPv4) and then exclude 10.0.0.0/8 (or whatever private IP range GKE uses).
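
The policy the answer above describes, written out as a manifest. This is an added example, not part of the original answer: the policy name, namespace, `app: nginx` label and port 80 are assumptions, and in the NetworkPolicy API the exclusion list is the `except` field that sits beside `cidr` under `ipBlock`.

```yaml
# Added example: allow ingress from all IPv4 sources except a private range.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-external-deny-private   # hypothetical name
  namespace: default                  # assumed namespace
spec:
  # Pods this policy applies to; assumed to be the nginx pods behind the
  # LoadBalancer Service from the question.
  podSelector:
    matchLabels:
      app: nginx                      # assumed label
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 0.0.0.0/0           # all IPv4 sources
            except:
              # Private range named in the answer. Replace it with the
              # cluster's real pod, service and node ranges; an entry in
              # "except" must fall inside "cidr".
              - 10.0.0.0/8
      ports:
        - protocol: TCP
          port: 80                    # assumed nginx container port
```

`ipBlock` matches the source address as the pod's network plugin sees it, so traffic whose source was rewritten to a node address on the way in is evaluated as that node address, not as the external client. Check which source addresses actually reach the pods (for example from the nginx access log) before relying on the `except` range.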
