Network Policies for a Namespace

It took me a couple of days of testing to realize my mistake with a network policy that I had.

What I wanted was to allow communication to a pod on a certain port for other pods in the same namespace. If the communication was coming from outside the namespace, I was opening another port to allow it.

The challenge I faced, and that took me a while to fix, was not so much with the network policy as with the fact that the namespace specification did not include a proper label. The network policy can only match on a label at this time, and I was trying to get it to match on the name of the namespace.

The solution was to add a label to the namespace and then match with it.

I also learned to use “kubectl describe netpol/nameofit” a lot to properly understand what k8s was understanding from the YAML I was submitting. I made typos that did not prevent the network policy from being accepted, but an extra dash on a line makes a whole world of difference.
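An added example, not from the original post: two namespaces labelled so that a namespaceSelector can match them, and a policy that opens one port to pods in the same namespace and another port to a labelled namespace. Every name, label and port is an assumption; the last comment shows what the extra dash changes.

```yaml
# Constructed example: every name, label and port here is an assumption.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  labels:
    team: a        # namespaceSelector matches labels, so the namespace needs one
---
apiVersion: v1
kind: Namespace
metadata:
  name: team-b
  labels:
    team: b
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-ingress
  namespace: team-a
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    # Same namespace: a podSelector without a namespaceSelector only matches
    # pods in the policy's own namespace (team-a).
    - from:
        - podSelector: {}
      ports:
        - protocol: TCP
          port: 8080
    # Other namespace: ONE list item holding both selectors means AND, so only
    # app=client pods inside namespaces labelled team=b reach port 8443.
    - from:
        - namespaceSelector:
            matchLabels:
              team: b
          podSelector:
            matchLabels:
              app: client
      ports:
        - protocol: TCP
          port: 8443
    # Writing "- podSelector:" above (one extra dash) makes two list items,
    # which are ORed: every pod in team=b namespaces plus every app=client pod
    # in team-a gets port 8443. Both forms are accepted by the API server.
```

Running the `kubectl describe` command mentioned above against this policy (with `-n team-a`) shows how the selectors were actually parsed.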

There are great examples of network policies with these recipes.

Published by

m5c

Java developer that loves photography and good coffee
