Questions tagged [kubernetes-networkpolicy]

221 questions
25 votes, 5 answers

How to allow access to kubernetes api using egress network policy?

Init container with kubectl get pod command is used to get ready status of other pod. After Egress NetworkPolicy was turned on init container can't access Kubernetes API: Unable to connect to the server: dial tcp 10.96.0.1:443: i/o timeout. CNI is…
16 votes, 3 answers

How to check if network policy have been applied to pod?

I'm trying to restrict to my openvpn to allow accessing internal infrastructure and limit it only by 'develop' namespace, so I started with simple policy that denies all egress traffic and see no effect or any feedback from cluster that it was…
15 votes, 1 answer

Prevent inter-namespace communication in Kubernetes

I am new to Kubernetes networking. We have separated a Kubernetes cluster into a set of namespaces (e.g. namespace-a, namespace-b). Every namespace has a set of Kubernetes pods. Every pod has a service that is available at…
mitchkman
14 votes, 1 answer

External ip pending Kubernetes Load balancer

Hi, installed Kubernetes using kubeadm in CentOS. When I create the deployment using type Load Balancer in the yaml file, the External IP is Pending for the Kubernetes LB; it is stuck in Pending state NAME TYPE CLUSTER-IP EXTERNAL-IP …
11 votes, 3 answers

Kubernetes: How to allow two pods running in same/different namespace communicate irrespective of the protocol using a servicename?

Allow two pods (say pod A and B) running in same/different namespace communicate irrespective of the protocol (say http, https, akka.tcp) along with a valid Network policy applied. Solutions tried: Tried applying network policy to both the pods and…
10 votes, 1 answer

How to enable Network Policies in Docker for Mac with Kubernetes

Is there an easy way to enable Network Policies in single-node k8s cluster managed by Docker Desktop for Mac?
8 votes, 4 answers

Whitelist "kube-system" namespace using NetworkPolicy

I have a multi-tenant cluster, where multi-tenancy is achieved via namespaces. Every tenant has their own namespace. Pods from a tenant cannot talk to pods of other tenants. However, some pods in every tenant have to expose a service to the…
mitchkman
8 votes, 1 answer

Are multiple network policies rules processed logically as "and" rules or "or"?

In the basic example of the documentation for declaring a network policy: https://kubernetes.io/docs/concepts/services-networking/network-policies/#the-networkpolicy-resource So this sets several rules, as per the documentation: So, the example…
testTester
7 votes, 1 answer

Kubernetes Health Checks Failing with Network Policies Enabled

When enabling only egress network policies, all readiness and liveness checks fail after pods are restarted. This is what I see when describing the pod: Warning Unhealthy 115s (x7 over 2m55s) kubelet, Readiness probe failed: Get…
7 votes, 3 answers

kubernetes networkpolicy namespaceSelector select when namespace has no labels

I am trying to add a Calico network policy to allow my namespace to talk to kube-system namespace. But in my k8s cluster kube-system has no labels attached to it, so I am not able to select pods in there. Below is what I tried but it's not…
Hemant_Negi
7 votes, 1 answer

Monitor or log dropped network traffic for Kubernetes NetworkPolicy

I'm interested in using Kubernetes NetworkPolicy to control network policy. I want to know if the NetworkPolicy is blocking traffic so I can either fix the policies or fix/stop whatever is in violation. We use Calico and they view this as a paid…
Ben Mathews
6 votes, 5 answers

How can I isolate pods in namespace using NetworkPolicy without disabling external traffic to Kubernetes pods

I am trying to isolate my pods in namespace from other namespaces. I have tried to create a NetworkPolicy: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-from-other-namespaces spec: podSelector: matchLabels: …
5 votes, 1 answer

Kubernetes NetworkPolicy - is this a stateful firewall?

Is NetworkPolicy a stateful firewall? For example, if I allow ingress from certain IPs on certain ports, is the return traffic automatically allowed on ephemeral? Ditto for allowed egress. How does this play with a default block policy in…
Ilya Ayzenshtok
5 votes, 2 answers

Kubernetes network policy deny-all policy not blocking basic communication

I am running a GKE cluster version 1.17.13-gke.1400. I have applied the following network policy in my cluster - apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny namespace: default spec: podSelector: {} …
4 votes, 1 answer

How to set egress > ipBlock for multiple IPs and ports?

Here is a section of my network policy: egress: -to: - ipBlock: cidr: 10.0.0.0/32 - ipBlock: cidr: 10.0.0.1/32 ports: - protocol: TCP port: 5978 I have a doubt whether these IPs will be allowed to…
Anonymous