
I need to create a network policy which accepts traffic (ingress + egress) between all pods inside the same namespace on a specific port ONLY (for example, on port 9200).

I labeled my namespace called calico using kubectl label ns calico type=clico

I tried the policy below, but after creating it, I created a pod to test telnet on port 9200 and it is not allowed.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: calico
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          type: calico
    - podSelector: {}
    ports:
    - protocol: TCP
      port: 9200
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          type: calico
    - podSelector: {}
    ports:
    - protocol: TCP
      port: 9200
Y.jab

1 Answer


Looks like a typo in namespace label: type=clico and policy definition: matchLabels: type: calico