Poorni:
Hi, I created a netpol to allow only ingress from the frontend pod to newpod.
Here is my ingress policy:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: venus
spec:
  podSelector:
    matchLabels:
      run: newpod
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          id: frontend
          #id: api
    - podSelector:
k8s@terminal:~$ k describe svc newpod -n venus
Name: newpod
Namespace: venus
Labels: run=newpod
Annotations: <none>
Selector: run=newpod
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.96.152.65
IPs: 10.96.152.65
Port: <unset> 80/TCP
TargetPort: 8080/TCP
Endpoints: 10.44.0.36:8080
Session Affinity: None
Events: <none>
When I tried this policy, I was unable to connect to newpod from frontend. Where did I go wrong?
I have checked by writing some egress policy in the same cluster; it's working.
k8s@terminal:~$ k -n venus exec -it frontend-5d5658f9d4-ms8tv -- sh
/ # wget -O- --spider --timeout=2 xe.com
Connecting to xe.com (13.35.15.39:80)
Connecting to xe.com (13.35.15.129:443)
Connecting to www.xe.com:443 (52.84.229.69:443)
/ # wget -O- --spider --timeout=2 newpod:8080
Connecting to newpod:8080 (10.96.152.65:8080)
wget: download timed out
Description of the netpol:
k8s@terminal:~$ k describe netpol test-network-policy -n venus
Name: test-network-policy
Namespace: venus
Created on: 2021-07-11 15:24:58 +0000 UTC
Labels: <none>
Annotations: <none>
Spec:
PodSelector: run=newpod
Allowing ingress traffic:
To Port: <any> (traffic allowed to all ports)
From:
PodSelector: id=frontend
Not affecting egress traffic
Policy Types: Ingress
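Added example, not part of the original post: a small model of how a ClusterIP Service and an ingress NetworkPolicy combine to decide whether a client pod's connection reaches a server pod, populated with the values the post gives (Service newpod in venus, port 80 forwarding to targetPort 8080 on endpoint 10.44.0.36, policy selecting run=newpod and admitting id=frontend). Two things it makes visible: the wget in the post targets newpod:8080, but the Service only listens on port 80 and forwards to 8080 on the pod, so that connection has nothing to reach regardless of the policy; and a connection dropped by a NetworkPolicy also presents to wget as a timeout, so the port mapping and the client pod's labels should be ruled out before blaming the policy. The frontend pod is assumed to carry the label id=frontend (the post does not show its labels), and the client pod IPs and the "api" pod are constructed for the illustration.

```python
# Added example, not from the original post: a model of Service port mapping
# plus ingress NetworkPolicy evaluation. Values from the post where it gives
# them; client pod IPs, the frontend pod's labels and the "api" pod are assumed.
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Pod:
    name: str
    namespace: str
    ip: str
    labels: dict[str, str]


@dataclass
class Service:
    name: str
    namespace: str
    cluster_ip: str
    port: int          # port the ClusterIP listens on
    target_port: int   # port traffic is forwarded to on the backend pods
    selector: dict[str, str]


@dataclass
class NetworkPolicy:
    namespace: str
    pod_selector: dict[str, str]         # spec.podSelector.matchLabels
    ingress_from: list[dict[str, str]]   # one matchLabels dict per `from: - podSelector`


def selects(selector: dict[str, str], labels: dict[str, str]) -> bool:
    """matchLabels semantics: every key/value in the selector must be present
    on the pod. An empty selector matches every pod."""
    return all(labels.get(k) == v for k, v in selector.items())


def ingress_allowed(policies: list[NetworkPolicy], src: Pod, dst: Pod) -> bool:
    """Ingress to dst is open unless some policy selects dst; once selected,
    only traffic matching a rule of a selecting policy gets through.
    Same-namespace podSelector rules only, as in the post's policy."""
    applicable = [p for p in policies
                  if p.namespace == dst.namespace and selects(p.pod_selector, dst.labels)]
    if not applicable:
        return True
    return any(src.namespace == dst.namespace and selects(rule, src.labels)
               for p in applicable for rule in p.ingress_from)


def resolve(services: list[Service], pods: list[Pod], host: str, port: int,
            namespace: str) -> tuple[Pod, int] | None:
    """Resolve host:port as a client in `namespace` would. A Service name maps to
    its ClusterIP, and ClusterIP:port is forwarded to endpoint:targetPort only for
    the declared Service port; other ports on the ClusterIP have no listener,
    which the client sees as a timeout (as in the post)."""
    for svc in services:
        if svc.name == host and svc.namespace == namespace:
            if port != svc.port:
                return None
            backends = [p for p in pods
                        if p.namespace == svc.namespace and selects(svc.selector, p.labels)]
            return (backends[0], svc.target_port) if backends else None
    for p in pods:  # a raw pod IP bypasses the Service entirely
        if p.ip == host:
            return (p, port)
    return None


def connect(src: Pod, host: str, port: int, services: list[Service],
            pods: list[Pod], policies: list[NetworkPolicy]) -> str:
    target = resolve(services, pods, host, port, src.namespace)
    if target is None:
        return "timeout: nothing listens on %s:%d" % (host, port)
    dst, dst_port = target
    if ingress_allowed(policies, src, dst):
        return "ok: reached %s:%d" % (dst.ip, dst_port)
    # A packet dropped by the policy is indistinguishable from a dead port to wget.
    return "timeout: ingress to %s:%d dropped by NetworkPolicy" % (dst.ip, dst_port)


# Cluster state from the post, plus constructed client pods (IPs and labels assumed).
NEWPOD = Pod("newpod", "venus", "10.44.0.36", {"run": "newpod"})
FRONTEND = Pod("frontend-5d5658f9d4-ms8tv", "venus", "10.44.0.20", {"id": "frontend"})
API = Pod("api", "venus", "10.44.0.21", {"id": "api"})
PODS = [NEWPOD, FRONTEND, API]
SERVICES = [Service("newpod", "venus", "10.96.152.65", port=80, target_port=8080,
                    selector={"run": "newpod"})]
POLICIES = [NetworkPolicy("venus", pod_selector={"run": "newpod"},
                          ingress_from=[{"id": "frontend"}])]


def attempt(src: Pod, host: str, port: int) -> str:
    return connect(src, host, port, SERVICES, PODS, POLICIES)


if __name__ == "__main__":
    print(attempt(FRONTEND, "newpod", 8080))      # the post's test: ClusterIP has no port 8080
    print(attempt(FRONTEND, "newpod", 80))        # Service port, forwarded to 10.44.0.36:8080
    print(attempt(FRONTEND, "10.44.0.36", 8080))  # pod IP directly, allowed by the policy
    print(attempt(API, "newpod", 80))             # lacks id=frontend, dropped by the policy
```

To check the same two things against the real cluster, compare `k -n venus get pod -l id=frontend` (the client pod must be listed) and the Port/TargetPort lines of `k describe svc newpod -n venus` with the port used in the wget; with this Service, the client should request `newpod:80` (or `newpod`), not `newpod:8080`.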