In our K8s cluster, micro-services for one application are hosted within one namespace. There is a plan for multiple applications, thus multiple namespaces.
We want communication between micro-services in a namespace through the cluster-ip service, but that between different namespaces to come through the API gateway, with some authentication, with some exceptions. How can we achieve this?
From what I see, K8s network policy is used for controlling pod to pod communication only. "namespaceSelector" works for limiting communication between namespaces, but disables NodePort access as well.
To access a service that is deployed in a different namespace than the one you’re accessing it from, use a FQDN in the form $SVC.$NAMESPACE.svc.cluster.local.
For reference: http://kubernetesbyexample.com/sd/
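An added example, not part of the original question or answer: a NetworkPolicy that keeps pod traffic inside one namespace and admits cross-namespace traffic only from the gateway's namespace, which would reach services by the FQDN form above. The namespace names `app-a` and `api-gateway` and port 8080 are assumptions; `kubernetes.io/metadata.name` is the label Kubernetes sets on every namespace.

```yaml
# Added example. Namespace names (app-a, api-gateway) and port 8080 are assumptions.
# Takes effect only if the cluster's network plugin enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-namespace-and-gateway-only
  namespace: app-a
spec:
  podSelector: {}            # selects every pod in app-a
  policyTypes:
    - Ingress                # once selected, all ingress not listed below is denied
  ingress:
    # Rule 1: pods in the same namespace. A podSelector with no
    # namespaceSelector is scoped to the policy's own namespace.
    - from:
        - podSelector: {}
    # Rule 2: pods in the gateway namespace only, on the service port.
    # The gateway calls the backend as $SVC.app-a.svc.cluster.local and
    # is where authentication happens; this policy filters at L3/L4 only.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: api-gateway
      ports:
        - protocol: TCP
          port: 8080
```

Exceptions for other namespaces are added as further `namespaceSelector` entries under their own `from` rule. Traffic that arrives through a NodePort may have its source address rewritten before the policy is evaluated, depending on the network plugin, so it can match neither rule and then needs an `ipBlock` entry for the relevant source range.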