kubernetes-networkpolicy

问题 The situation is that I want to connect two cluster IP services that are inside a tenant which already has Traefik as NodePort so that any of these two services can be a LoadBalancer because the NodePort is used by Traefik. The two services I am trying to connect work as follows. The first one, which I called "Master", will receive a post from the client with a text and will call the other service, called "slave", which will add some text ("Hola Patri") to the text sent by the client. The two

问题 I have two pods namely payroll and mysql labelled as name=payroll and name=mysql . There's another pod named internal with label name=internal . I am trying to allow egress traffic from internal to other two pods while allowing all ingress traffic. My NetworkPoliy looks like this: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: internal-policy spec: podSelector: matchLabels: name: internal policyTypes: - Ingress - Egress ingress: - {} egress: - to: - podSelector:

问题 I have two pods namely payroll and mysql labelled as name=payroll and name=mysql . There's another pod named internal with label name=internal . I am trying to allow egress traffic from internal to other two pods while allowing all ingress traffic. My NetworkPoliy looks like this: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: internal-policy spec: podSelector: matchLabels: name: internal policyTypes: - Ingress - Egress ingress: - {} egress: - to: - podSelector:

问题 I followed this article to check functionality of network policy https://medium.com/better-programming/how-to-secure-kubernetes-using-network-policies-bbb940909364 Created 3 namespaces web, middleware and database, created network policy for web and middleware exactly the same as mentioned in the article. Instead of the following commands to create deployments $ kubectl create deployment nginx --image=ewoutp/docker-nginx-curl -n web $ kubectl create deployment nginx --image=ewoutp/docker

问题 The situation is that I have two k8s services which are connected between them. Both are flask servers. The connection between them is as follows, if someone makes a POST to the first one, this get the text input and POST it to the second server which adds some more text to the original text that was posted by the user and, finally, the two texts together are returned to the first server and it returns the final text to the user. To allow this connection between my k8s services (called master

问题 Init container with kubectl get pod command is used to get ready status of other pod. After Egress NetworkPolicy was turned on init container can't access Kubernetes API: Unable to connect to the server: dial tcp 10.96.0.1:443: i/o timeout . CNI is Calico. Several rules were tried but none of them are working (service and master host IPs, different CIDR masks): ... egress: - to: - ipBlock: cidr: 10.96.0.1/32 ports: - protocol: TCP port: 443 ... or using namespace (default and kube-system