SaidBen:
Hi everyone, I have a question regarding the networking policy lab, question #10. I created the netpol that applies to the internal pods to allow egress traffic to payroll and mysqldb, but for some reason I get an error when I test. What am I missing? Here is my netpol.yaml:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      name: internal
  policyTypes:
  - Egress
  egress:
  - to:
    - podSelector:
        matchLabels:
          name: mysql
    ports:
    - protocol: TCP
      port: 3306
  - to:
    - podSelector:
        matchLabels:
          name: payroll
    ports:
    - protocol: TCP
      port: 8080
Hinodeya:
The last manifest seems to be good. Check whether the pods have been exposed correctly. Another possibility is the indentation during the copy.
Hinodeya:
Could you send the error, please?
SaidBen:
I’ve watched the solution video, and they mentioned allowing ingress traffic to DNS in the netpol object; otherwise we will end up with name resolution issues.
Wong Song Ern:
Hi, you may have to add this for egress:
egress:
- ports:
  - port: 53
    protocol: UDP
  - port: 53
    protocol: TCP
Give it a try for DNS.
Basavraj Nilkanthe:
@SaidBen It would be better if you shared the exception so we can comment on this. Yes, when you create an egress rule for a specific port, you have to account for DNS port 53; otherwise your current pod won’t be able to resolve the name of the target service/pod, and it won’t be able to interact with the kube-dns pod.
SaidBen:
I don’t get any detailed error; I just can’t reach the MySQL and payroll pods from the UI of the internal pod when I use the DNS names of the services to test. Do we need to worry about DNS resolution if we are asked to create a network policy object? I hope not.