Kubernetes - Ingress network policy from other pod
I have 2 services running in the same namespace. Both are working fine as expected. Now, trying to connect to serviceB (label is app: serviceB) from serviceA (label is app: serviceA). Hence, added an ingress policy in serviceB as follows to allow traffic from serviceA.
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: serviceA-whitelist
spec:
  podSelector:
    matchLabels:
      app: serviceB
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: serviceA
Still, it is not working. I tried to log into serviceA as:
kubectl exec -it serviceA-podname bash
NC command:
nc -v -w 2 serviceB 8444
Getting connection timeout.
Am I missing anything?
As itaysk wrote, all traffic should be allowed by default, except where a rule was created to deny all by default. The problem was with egress traffic: ingress was allowed and egress was denied. After adding the rule to egress, all was stabilized.
It started working fine after adding the egress policy with the source.
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: serviceB-egress-policy
spec:
  podSelector:
    matchLabels:
      app: serviceA
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: serviceB
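
The behaviour described in the answer, as an added example that is not part of the original thread: a simplified Python model of how NetworkPolicy decisions combine, following networking.k8s.io/v1 semantics. The `deny_all` policy is constructed (the thread mentions a default-deny rule but does not show it), and only `podSelector.matchLabels` within one namespace is modelled.

```python
# Added example: simplified model of NetworkPolicy evaluation in one namespace.
# Assumptions: only podSelector.matchLabels is modelled; ports, namespaces,
# ipBlock and DNS egress are ignored. Policy dicts mirror the YAML "spec".

def selects(selector, labels):
    """An empty selector ({}) matches every pod in the namespace."""
    want = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in want.items())

def policy_types(spec):
    """v1 defaulting: Ingress always, Egress only if egress rules are present."""
    return spec.get("policyTypes") or ["Ingress"] + (["Egress"] if "egress" in spec else [])

def direction_ok(pod, peer, policies, ptype, rules_key, peers_key):
    """A pod is open until some policy of this type selects it; after that,
    only peers matched by a rule in one of those policies are allowed."""
    applying = [p for p in policies
                if ptype in policy_types(p) and selects(p["podSelector"], pod)]
    if not applying:
        return True
    for p in applying:
        for rule in p.get(rules_key, []):
            peers = rule.get(peers_key)
            if not peers:  # a rule without from/to matches every peer
                return True
            if any("podSelector" in x and selects(x["podSelector"], peer) for x in peers):
                return True
    return False

def connection_allowed(src, dst, policies):
    """Traffic flows only if src's egress AND dst's ingress both permit it."""
    return (direction_ok(src, dst, policies, "Egress", "egress", "to")
            and direction_ok(dst, src, policies, "Ingress", "ingress", "from"))

A, B = {"app": "serviceA"}, {"app": "serviceB"}
# Constructed default-deny policy (mentioned in the thread, not shown there).
deny_all = {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}
# The two policies from the thread, written as dicts.
ingress_b = {"podSelector": {"matchLabels": B},
             "ingress": [{"from": [{"podSelector": {"matchLabels": A}}]}]}
egress_a = {"podSelector": {"matchLabels": A},
            "egress": [{"to": [{"podSelector": {"matchLabels": B}}]}]}

if __name__ == "__main__":
    # Ingress whitelist alone: serviceA's egress is still blocked by deny_all.
    print(connection_allowed(A, B, [deny_all, ingress_b]))
    # With the egress policy added, both directions permit the connection.
    print(connection_allowed(A, B, [deny_all, ingress_b, egress_a]))
```

Under the v1 defaulting modelled here, a policy that has only an `egress` section still receives the Ingress type, so `egress_a` also isolates serviceA for inbound traffic. Setting `policyTypes` explicitly avoids that side effect.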