I have many namespaces and multiple services running on each namespace.
We are using the Calico plugin in our Kubernetes cluster.
Looking for a way to restrict access b/w services/ingress.
Say, Service A, Service B and Service C are running in Namespace A.
I want Service B to access Service A, but not Service C. Can this be done with Networking policy in Kubernetes? Any example will be a great help.
Also, I want no services from Namespace B accessing any services in Namespace A. But, I need some services from Namespace C accessing some services in Namespace A. Can this be done using Calico?
Thanks
Yes this is entirely possible.
Kubernetes network policies support both ingress/egress rules. Also there are three types of traffic selectors:
You can create labels on your pods and use those label selectors for identifying the pods to apply the policies.
Here is the link for the K8S api documentation for network policies.
And this GitHub repository has a lot of examples.
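
A pair of policies for the scenario in the question, as an added example that is not part of the original posts. The namespace names `namespace-a` and `namespace-c` and the pod labels `app: service-a`, `app: service-b` and `app: client-c` are assumptions; substitute the labels your pods actually carry.

```yaml
# Added example; all names and labels below are assumed, not from the thread.
# 1) Default-deny: every pod in namespace-a rejects ingress unless another
#    policy allows it. This blocks namespace B (and everything else) and
#    leaves Service C's pods unreachable from Service B.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: namespace-a
spec:
  podSelector: {}          # empty selector = all pods in the namespace
  policyTypes:
    - Ingress
---
# 2) Allow-list for Service A's pods only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-to-service-a
  namespace: namespace-a
spec:
  podSelector:
    matchLabels:
      app: service-a       # pods backing Service A
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Same-namespace source: Service B's pods.
        - podSelector:
            matchLabels:
              app: service-b
        # Cross-namespace source: only the labelled pods in namespace-c.
        # namespaceSelector and podSelector in ONE list item are ANDed;
        # as two separate items they would be ORed and admit far more.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: namespace-c
          podSelector:
            matchLabels:
              app: client-c
```

Network policies select pods by label, not Service objects, so the labels must be on the pods behind each Service. The `kubernetes.io/metadata.name` label is set automatically on namespaces by recent Kubernetes versions; on older clusters, label the namespace yourself and select on that label instead.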