Gaurav yadav:
Do network policies affect pod-to-pod communication happening through a cluster IP service?
Ansuman Roy:
@Gaurav yadav, yes, if you define ingress and egress rules then yes. It's a best practice to define a deny-all netpol and then add custom netpols to allow access within a namespace.
Gaurav yadav:
How to define ingress and egress rules to allow traffic from a service? Pods can be selected through a pod selector.
Gaurav yadav:
Is there a way to specify a service?
Alistair Mackay:
Policies don’t specifically target services. They target pods, but using the same label selectors as a service uses to include pods will effectively deny the service.
A service is not a tangible object. It’s merely an abstraction to group some pods together under a single stable IP and load balance between those pods.
Aneek Bera:
@Alistair Mackay nice explanation.
@Gaurav yadav find the policy example in the kubernetes.io doc.
Go through this once:
https://github.com/ahmetb/kubernetes-network-policy-recipes