Network Policy for Ingress and Egress with 2 pods(frontend,backend)

Certified Kubernetes Application Developer
#1

Guys I am still having doubts on NetworkPolicy essentially I have a following scnenario:

nginx frontend pod exposed with cluster ip on port 80
nginx backend pod exposed with cluster ip on port 80
Network Policy applied on backend pod with label run=backend

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: backend
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          run: frontend
    ports:
    - protocol: TCP
      port: 80
 egress:
  - to:
    - podSelector:
        matchLabels:
          run: frontend
    ports:
    - protocol: TCP
      port: 80
I can curl from the frontend to the backend but I cannot curl from the backend to the frontend. Is something that can be done> I want just to be sure that frontend pod can talk with backend and backend pod can talk with frontend on port 80
Is something that can be done or the ingress rule is enough to accomplish both the direction?

Thanks in advance for your help. 
``
#2

I’m not sure which lab this (or step of that lab) this is, but I’ll tell you that you do not need to configure a target pod both for ingress and egress. Probably the backend pod needs to allow ingress for the frontend pod; that’s all you need to do. So it likely needs to be an ingress only policy on backend pod that allows ingress from the frontend pod.

#3

It seems an odd rule to be applying.
A frontend talks to a backend, not the other way round.

Network policy rules are stateful. What this means is that you put an ingress only policy on the backend to allow the frontend access. The replies from the backend will get through without the need for a specific egress policy. They would still get through even if you had an egress policy that allows no egress!

#4

Guys thanks for your inputs here, this was just to understand properly how the policy behave not really to implement as pattern.