Kubernetes - Ingress network policy from other pod

6/21/2018

I have 2 services running in the same namespace. Both are working fine as expected. Now, I am trying to connect to serviceB (label is app: serviceB) from serviceA (label is app: serviceA). Hence, I added an ingress policy for serviceB as follows to allow traffic from serviceA.

apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: serviceA-whitelist
spec:
  podSelector:
    matchLabels:
      app: serviceB
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: serviceA

Still, it is not working. I tried logging into serviceA as follows:

kubectl exec -it serviceA-podname bash

NC Command

nc -v -w 2 serviceB 8444

Getting connection timeout.

Am I missing anything?

-- user1578872
kubernetes

2 Answers

6/22/2018

It started working fine after adding the egress policy with the source.

apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: serviceB-egress-policy
spec:
  podSelector:
    matchLabels:
      app: serviceA
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: serviceB
-- user1578872
Source: StackOverflow

6/22/2018

As itaysk wrote, all traffic should be allowed by default, unless a rule has been created to deny all by default. The problem was with egress traffic: ingress was allowed and egress was denied. After adding the egress rule, everything stabilized.

-- Nick Rak
Source: StackOverflow
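
The behaviour described in the answers above can be reproduced with a small model of how NetworkPolicy rules are evaluated. This is an added example, not code from the posts or from Kubernetes. It handles pod selectors only (no ports, namespaces or ipBlocks), and the `default-deny-all` policy is an assumption: the thread implies such a policy existed but never shows it.

```python
# Simplified NetworkPolicy evaluation: pod selectors only, single namespace.
# DEFAULT_DENY is a constructed policy; the other two mirror the thread's manifests.

def selects(selector, labels):
    """An empty selector ({}) matches every pod in the namespace."""
    return all(labels.get(k) == v for k, v in selector.items())

def direction_allowed(policies, pod, peer, direction):
    """May `pod` exchange traffic with `peer` in `direction` (ingress/egress)?"""
    applicable = [p for p in policies
                  if direction in p["types"] and selects(p["pod_selector"], pod)]
    if not applicable:
        return True  # pod is not isolated in this direction: all traffic allowed
    # Isolated pod: policies are additive, one matching peer rule is enough.
    return any(selects(peer_sel, peer)
               for p in applicable for peer_sel in p.get(direction, []))

def connection_allowed(policies, src, dst):
    """The source's egress AND the destination's ingress must both allow it."""
    return (direction_allowed(policies, src, dst, "egress")
            and direction_allowed(policies, dst, src, "ingress"))

SERVICE_A = {"app": "serviceA"}
SERVICE_B = {"app": "serviceB"}

DEFAULT_DENY = {"name": "default-deny-all", "pod_selector": {},
                "types": ["ingress", "egress"]}
INGRESS_B = {"name": "serviceA-whitelist", "pod_selector": {"app": "serviceB"},
             "types": ["ingress"], "ingress": [{"app": "serviceA"}]}
EGRESS_A = {"name": "serviceB-egress-policy", "pod_selector": {"app": "serviceA"},
            "types": ["egress"], "egress": [{"app": "serviceB"}]}

def scenarios():
    """serviceA -> serviceB under the policy sets discussed in the thread."""
    return {
        "no policies": connection_allowed([], SERVICE_A, SERVICE_B),
        "default-deny + ingress rule only":
            connection_allowed([DEFAULT_DENY, INGRESS_B], SERVICE_A, SERVICE_B),
        "default-deny + ingress + egress rules":
            connection_allowed([DEFAULT_DENY, INGRESS_B, EGRESS_A],
                               SERVICE_A, SERVICE_B),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

With the ingress rule alone and nothing isolating serviceA's egress, the model allows the connection, so a timeout in that situation points at an egress-isolating policy on the source pod.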