Network Policy - container ingress not working fully

In Lab 6.5, "Testing a Policy", we create a deny-all (allclosed) network policy.
I have found that this blocks ingress from outside the cluster, but not from within the cluster to the container.

Comments

  • serewicz
    serewicz Posts: 1,000

    Hello,

    I'm unsure of what you mean by "from within the cluster". From where were the other pods trying to connect? What did you use to test this, and was it the pod ephemeral IP or the ClusterIP you tested?

    Regards,

  • shirleydst
    shirleydst Posts: 11

    Used curl on the pod ephemeral IP

  • serewicz
    serewicz Posts: 1,000

    Hello,

    When you use the ephemeral IP, you are not using the service. When not using the service, you do not encounter the rules that would allow or deny network access.

    Regards,
