Here is what I don't understand about network policy and service, please help me.
There are 3 pods - main, front, api. They have labels app=main, app=api, app=front respectively.
All pods follow a similar YAML file:
```yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: front
  name: front
spec:
  containers:
  - image: busybox
    name: front
    command:
    - /bin/sh
    - -c
    - sleep 1d
```
I need to allow ingress+egress connection to the main pod only from the 2 pods - api and front. I also created service-main - a service that exposes the main pod on port 80.
Then the network policy that I created, I applied it to the main pod:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: incoming-main-policy
spec:
  podSelector:
    matchLabels:
      app: main
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: front
    ports:
    - port: 80
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: front
    ports:
    - port: 80
```
Do I need to create services for the pods - api and front? How to test it properly?
I tried to `k exec` into the api or front pod and do `ping service-main:80` or `wget service-main:80`.
curl is not working (curl not found). I don't even know how to test if a pod can connect to a pod…
I tried to emulate a similar problem, which is Q2 on Lightning Lab 1 - fix secure-pod and webapp-color pod connectivity. The solution video uses netcat like this:
```sh
k exec webapp-color -it -- sh
nc -z -v -w 5 secure-service 80
```
But netcat is not available in the busybox image. Please help!
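
An added example, not part of the original post: a small Python model of how the posted incoming-main-policy is evaluated against the three pods' labels, showing which connections it permits. It assumes this is the only policy in a single namespace, with matchLabels selectors, TCP and numeric ports; the helper names (`selects`, `rule_allows`, `allowed`, `report`) are hypothetical.

```python
# Added example: evaluates the posted policy's rules in plain Python.
# Assumptions: one namespace, one policy, matchLabels only, TCP, numeric ports.
POLICY = {  # spec of incoming-main-policy, transcribed from the post
    "podSelector": {"matchLabels": {"app": "main"}},
    "policyTypes": ["Ingress", "Egress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "front"}}}],
                 "ports": [{"port": 80}]}],
    "egress": [{"to": [{"podSelector": {"matchLabels": {"app": "front"}}}],
                "ports": [{"port": 80}]}],
}
PODS = {"main": {"app": "main"}, "front": {"app": "front"}, "api": {"app": "api"}}


def selects(selector, labels):
    """True when every matchLabels pair is on the pod (an empty selector matches all)."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def rule_allows(rule, peer_key, peer_labels, port):
    """A rule matches when its peer list and port list both match; a missing list matches all."""
    peers, ports = rule.get(peer_key), rule.get("ports")
    peer_ok = not peers or any("podSelector" in p and selects(p["podSelector"], peer_labels) for p in peers)
    port_ok = not ports or any(p["port"] == port for p in ports)
    return peer_ok and port_ok


def allowed(policy, pods, src, dst, port):
    """Does this one policy permit a TCP connection src -> dst:port?"""
    target, types = policy["podSelector"], policy["policyTypes"]
    # Ingress rules apply only when the policy selects the destination pod.
    if "Ingress" in types and selects(target, pods[dst]):
        if not any(rule_allows(r, "from", pods[src], port) for r in policy.get("ingress", [])):
            return False
    # Egress rules apply only when the policy selects the source pod.
    if "Egress" in types and selects(target, pods[src]):
        if not any(rule_allows(r, "to", pods[dst], port) for r in policy.get("egress", [])):
            return False
    return True


def report():
    cases = [("front", "main", 80), ("api", "main", 80), ("front", "main", 8080),
             ("main", "front", 80), ("main", "api", 80)]
    return {c: allowed(POLICY, PODS, *c) for c in cases}


if __name__ == "__main__":
    for (src, dst, port), ok in report().items():
        print(f"{src} -> {dst}:{port}  {'allow' if ok else 'deny'}")
```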