K
Q

Are network policies applied to service or endpoints?

4/4/2019

If I have Kubernetes service (cluster IP with port 12345) with three pods behind it as endpoints (port 16789) in a namespace, what should be whitelisted in network policy, just the service port or the endpoint port or DNS port? Network policy can only take pod/namespace labels as selectors, not service labels. It is not clear from the documentation. Trying to access the service from a different namespace. The environment uses Calico as CNI.

-- Hem
cni
kubernetes
project-calico

Similar Questions

C# HttpContext request internal Kubernetes URLs
I need to pass all nodes to Cassandra client?
Network endpoints are disabled after container in a Job pod exits and sidecar container is still running
Submitting to a Spark Master inside a kubernetes cluster
Minikube - Not able to get any result from elastic search to if it uses existing indices
How to do DNS pointing to aws eks

1 Answer

4/5/2019

The network policies are on the pods network interfaces. You can have pod without service and want to add network policy.

So you have to allow port 16789.

-- Darkjeff
Source: StackOverflow