Edit this page

Amazon EKS Workshop > Beginner > Securing Your Cluster with Network Policies > Integrating Network Policy with VPC Security Groups and CloudWatch > Initializing Network Policy

Initializing Network Policy

Now that we’ve seen that all the traffic is being allowed in the cluster, let’s start tightening the policies, and restrict some of the traffic. To do that, we will first create a default deny policy that will block all inbound traffic in our default namespace unless it is specifically allowed. To do that, we create a null policy that matches everything in the default namespace.

The YAML fragment that defines such a policy can be seen below


kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: default-deny
spec:
  podSelector:
    matchLabels: {}

Now create a file called default-deny.yaml with the above contents and install it in your cluster using kubectl.

$ kubectl apply -f default-deny.yaml