How to prevent inter-namespace communication in Kubernetes

9/27/2017

In our K8s cluster, micro-services for one application are hosted within one namespace. There is a plan for multiple applications, thus multiple namespaces.

We want communication between micro-services in a namespace through the cluster-ip service, but that between different namespaces to come through the API gateway, with some authentication, with some exceptions. How can we achieve this?

From what I see, K8s network policy is used for controlling pod to pod communication only. "namespaceSelector" works for limiting communication between namespaces, but disables NodePort access as well.

-- Paddy
kubernetes

1 Answer

10/4/2017

To access a service that is deployed in a different namespace than the one you’re accessing it from, use a FQDN in the form $SVC.$NAMESPACE.svc.cluster.local

For reference: http://kubernetesbyexample.com/sd/

-- Suraj Narwade
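
An added example, not part of the question or the answer above: a NetworkPolicy for the setup the question describes, admitting traffic to the pods of one application namespace only from pods in that same namespace and from the namespace that hosts the API gateway. The policy name, the namespace name app-one and the label role: api-gateway are assumptions, not values from the page.

```yaml
# Added example; every name and label here is an assumption.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-namespace-and-gateway-only   # hypothetical policy name
  namespace: app-one                      # hypothetical application namespace
spec:
  # An empty podSelector selects every pod in app-one, so all of them
  # become isolated for ingress except for the sources listed below.
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Entry 1: any pod in the policy's own namespace (app-one).
        # This keeps micro-service to micro-service calls over the
        # ClusterIP services working.
        - podSelector: {}
        # Entry 2: any pod in a namespace carrying this label.
        # Only the API gateway's namespace should be given it.
        - namespaceSelector:
            matchLabels:
              role: api-gateway           # hypothetical namespace label
```

The policy is enforced only when the cluster's network plugin implements NetworkPolicy. With it in place, a FQDN of the form $SVC.$NAMESPACE.svc.cluster.local still resolves from other namespaces, but connections from pods in namespaces without the label are not admitted.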
Source: StackOverflow