Docker.github.io: Document whether or not NetworkPolicy works in Docker Desktop for Mac

Created on 30 Sep 2019  路  3Comments  路  Source: docker/docker.github.io

File: docker-for-mac/networking.md

If NetworkPolicy works in Docker Desktop for Mac, please document it.

If not, please add it to the "Known limitations, use cases, and workarounds" section.

I'm running Docker for Mac

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.1", GitCommit:"4485c6f18cee9a5d3c3b4e523bd27972b1b53892", GitTreeState:"clean", BuildDate:"2019-07-18T14:25:20Z", GoVersion:"go1.12.7", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.6", GitCommit:"96fac5cd13a5dc064f7d9f4f23030a6aeface6cc", GitTreeState:"clean", BuildDate:"2019-08-19T11:05:16Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}

Kubernetes v1.14 has NetworkPolicy

However, when I kubectl apply -f the following file

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: default-deny-all-egress
  namespace: default
spec:
  policyTypes:
  - Egress
  podSelector: {}
  egress: []

I'm still able to send egress network traffic

$ kubectl run --generator=run-pod/v1 -i --tty netshoot --image=nicolaka/netshoot -- bash
If you don't see a command prompt, try pressing enter.

bash-5.0# curl https://example.com
<!doctype html>
<html>
<head>
    <title>Example Domain</title>
...
areDesktop

Most helpful comment

FYI this is the same for Windows & WSL2.

I have weave-net installed as my CNI, and yet my policies are ignored.

easy to reproduce following :

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/

All 3 comments

FYI this is the same for Windows & WSL2.

I have weave-net installed as my CNI, and yet my policies are ignored.

easy to reproduce following :

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/

Does someone manage to make NetworkPolicy work or have an answer on the question ?
I've created an issue on the use of Calico in Docker-Desktop for mac in case :)

@etoews @ChrisScottThomas Did you manage to make it work ?

Was this page helpful?
0 / 5 - 0 ratings