How to fix my NetworkPolicy not working problem?

10/25/2019

I am setting up Network Policy in k8s, but it does not work as I expect.

My k8s has network policy enabled. It has two namespaces:

- proxy
- jupyter

Under namespace jupyter, it has lots of jupyter pods, and each jupyter pod has a service for it to provide cluster IP. Under namespace proxy, I have a node-proxy forwarding requests to each jupyter. The structure is like this:

- namespace proxy
   - pod node-proxy
- namespace jupyter
   - service a
   - pod a
   - service b
   - pod b
   - ...

I create a network policy like this:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: jupyter
spec:
  podSelector: {}
  policyTypes:
  - Egress
  - Ingress
  Ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          ns: proxy
    ports:
    - protocol: TCP
      port: 8888

I want every jupyter pod to be accessible only by node-proxy. But when I apply the above yaml file, node-proxy cannot access jupyter. Is anything wrong?

-- xpbug
kubernetes

1 Answer

10/25/2019

A stupid question. I have a typo in it.

Ingress:

change to

ingress:
-- xpbug
Source: StackOverflow
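
Added example, not part of the original question or answer: a small Python check over the parsed manifest that catches the mis-cased `Ingress` key from this question and flags any direction listed in `policyTypes` that ends up with no rules. The function name `lint_network_policy` and the dict form of the manifest are assumptions made for illustration.

```python
# Fields of NetworkPolicySpec in networking.k8s.io/v1 (keys are case-sensitive).
SPEC_FIELDS = {"podSelector", "policyTypes", "ingress", "egress"}


def lint_network_policy(manifest):
    """Return a list of findings for a parsed NetworkPolicy manifest (a dict)."""
    findings = []
    spec = manifest.get("spec", {})
    by_lower = {f.lower(): f for f in SPEC_FIELDS}

    for key in spec:
        if key in SPEC_FIELDS:
            continue
        expected = by_lower.get(key.lower())
        if expected:
            findings.append(f"spec.{key}: wrong case, field is '{expected}'")
        else:
            findings.append(f"spec.{key}: unknown field")

    # A direction listed in policyTypes with no rules for it allows no
    # traffic in that direction for the selected pods.
    for ptype in spec.get("policyTypes", []):
        if not spec.get(ptype.lower()):
            findings.append(f"policyTypes has {ptype} but spec.{ptype.lower()} "
                            "has no rules: all such traffic is denied")
    return findings


# Constructed input: the manifest from the question, as parsed YAML.
RULES = [{"from": [{"namespaceSelector": {"matchLabels": {"ns": "proxy"}}}],
          "ports": [{"protocol": "TCP", "port": 8888}]}]
QUESTION_POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "default-deny", "namespace": "jupyter"},
    "spec": {"podSelector": {}, "policyTypes": ["Egress", "Ingress"],
             "Ingress": RULES},
}

if __name__ == "__main__":
    for finding in lint_network_policy(QUESTION_POLICY):
        print(finding)
```

With the key corrected to `ingress`, the only remaining finding is the `Egress` entry in `policyTypes`, which has no matching `egress` rules. The `namespaceSelector` also only matches if the proxy namespace itself carries the label `ns: proxy`.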