I have a minikube cluster installed and I am trying to get a simple NetworkPolicy working. I have installed Calico CNI in my minikube cluster.

    NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE
    kube-system   calico-kube-controllers-7bdbfc669-jz9m2   1/1     Running   0          40m
    kube-system   calico-node-ncwp5                         1/1     Running   0          40m

Here is my NetworkPolicy. All the pods are in the same namespace.

    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
      name: db-access-control
      namespace: bootapp
    spec:
      podSelector:
        matchLabels:
          app: mysql8
      ingress:
      - from:
        - podSelector:
            matchLabels:
              app: product-service

    $ kubectl get po -n bootapp
    NAME                                READY   STATUS    RESTARTS   AGE     LABELS
    inventory-service-7d7c8dc79-b9hcs   1/1     Running   0          2m16s   app=inventory-service,pod-template-hash=7d7c8dc79
    mysql8-6b858fb5dc-9lj9p             1/1     Running   0          2m17s   app=mysql8,pod-template-hash=6b858fb5dc
    product-service-5dcccc579c-9fm2t    1/1     Running   0          2m12s   app=product-service,pod-template-hash=5dcccc579c

I was expecting 'inventory-service' to be NOT READY, as it should not be able to connect to the DB on startup.
Both 'inventory-service' and 'product-service' are Spring Boot (data-jpa) apps trying to connect to the MySQL DB on startup.
Do I need to configure anything to enable network policy evaluation by Calico on my Minikube cluster?
How do I debug if Calico is even trying to enforce the NetworkPolicy or not?
UPDATE: Moving to Cilium as the CNI plug-in seems to be working fine.
https://kubernetes.io/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy/
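
One way to check whether the `db-access-control` policy above is actually being enforced, as an added example that is not part of the original post: start one throwaway pod labelled `app=product-service` and one labelled `app=inventory-service`, and compare whether each can open a TCP connection to the database. The Service name `mysql8`, port 3306, the `busybox` image with an `nc` that supports `-z`, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: probe the database port from labelled one-shot pods to see
# whether the CNI enforces the db-access-control NetworkPolicy.
# Assumptions (not from the post): Service "mysql8" listens on TCP 3306 in
# namespace bootapp; the busybox image is pullable and its nc supports -z.

KUBECTL="${KUBECTL:-kubectl}"
NS="bootapp"
DB_HOST="mysql8"   # assumed Service name
DB_PORT="3306"     # assumed MySQL port

# probe LABEL: run a one-shot pod carrying app=LABEL and attempt a TCP
# connect to the database. Prints "allowed" or "blocked".
probe() {
  if "$KUBECTL" run "np-probe-$1" -n "$NS" --rm -i --restart=Never \
       --image=busybox --labels="app=$1" \
       -- nc -z -w 3 "$DB_HOST" "$DB_PORT" >/dev/null 2>&1; then
    echo allowed
  else
    echo blocked
  fi
}

# verdict PERMITTED_RESULT OTHER_RESULT: interpret the two probe results.
verdict() {
  case "$1/$2" in
    allowed/blocked) echo "enforced" ;;      # only the whitelisted label gets in
    allowed/allowed) echo "not-enforced" ;;  # policy exists but is not applied
    *)               echo "inconclusive" ;;  # DB unreachable, image pull failed, ...
  esac
}

# check_policy: probe with the permitted label first, then a non-permitted one.
check_policy() {
  verdict "$(probe product-service)" "$(probe inventory-service)"
}

# Run the check only when invoked as: sh np-check.sh run
if [ "${1:-}" = "run" ]; then
  check_policy
fi
```

A `not-enforced` result means both labels reached the port, so the policy object exists but nothing on the pod network path is applying it. An `inconclusive` result says nothing about the policy and usually points at the assumed Service name, port or image.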