The situation is that I have two k8s services which are connected between them. Both are flask servers. The connection between them is as follows, if someone makes a POST to the first one, this get the text input and POST it to the second server which adds some more text to the original text that was posted by the user and, finally, the two texts together are returned to the first server and it returns the final text to the user.
To allow this connection between my k8s services (called master and slave, which matchlabels app-master and app-slave) I have the following networkPolicy:
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
name: master-to-slave
namespace: innovation
spec:
podSelector:
matchLabels:
app: app-slave
ingress:
- ports:
- port: 5000
protocol: TCP
- port: 5001
protocol: TCP
- from:
- namespaceSelector:
matchLabels:
app: app-master
To make a curl from outside the tenant I have to use traefik because I am working in a tenant which already has traefik as NodePort, so I can NOT expose my master service as nodePort or convert it to kind LoadBalancer. The ingress I have for this application is the next
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-innovation
namespace: innovation
annotations:
traefik.frontend.rule.type: PathPrefixStrip
spec:
rules:
- http:
paths:
- path: /master
backend:
serviceName: master
servicePort: 5000
- path: /slave
backend:
serviceName: slave
servicePort: 5001
I have also a DNS which allows me to make request to an address (https://name_in_the_DNS) instead of doing the requests to the IP of my tenant. The problem is that when I try to do the following request:
curl https://name_in_the_DNS/master -X POST -d texto
Gives me an error (Gateway Timeout). While if I use "kubectl port-forward" the app works as expected. Any idea of how to solve this issue? I suppose it has something to do with the networkPolicy because I have other applications inside the tenant and the curl requests works for them.
Thanks in advance!
For looking at the services and deployments yamls: Could two cluster IP services be connected in Kubernetes?
The problem is already solved. The thing is that we have traefik in other namespace so another networkpolicy which allows communication between any namespace was missing. The yaml which fixed the issue is as follows.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: all-to-all
namespace: innovation
spec:
podSelector: {} #all pods in the namespace (innovation)
ingress:
- from:
- namespaceSelector: {} #from all namespaces, including the one in which traefik ingress is located
policyTypes:
- Ingress