If I have a Kubernetes service (cluster IP with port 12345) with three pods behind it as endpoints (port 16789) in a namespace, what should be whitelisted in the network policy: just the service port, the endpoint port, or the DNS port? A network policy can only take pod/namespace labels as selectors, not service labels. This is not clear from the documentation. I am trying to access the service from a different namespace. The environment uses Calico as the CNI.
1 Answer
The network policies are on the pods' network interfaces. You can have a pod without a service and want to add a network policy.
So you have to allow port 16789.

Darkjeff
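A pair of policies matching the scenario in the question, as an added example that is not part of the original post. The namespace names `backend-ns` and `client-ns`, the pod label `app: my-backend`, and the DNS pod label `k8s-app: kube-dns` in `kube-system` are assumptions; substitute the cluster's own values.

```yaml
# Ingress policy in the namespace hosting the three backend pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-client-to-backend
  namespace: backend-ns                  # assumed namespace name
spec:
  podSelector:
    matchLabels: {app: my-backend}       # assumed label on the three pods
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels: {kubernetes.io/metadata.name: client-ns}
      ports:
        # Pod (endpoint) port; the service port 12345 never appears here.
        - {protocol: TCP, port: 16789}
---
# Only needed when the client namespace also restricts egress:
# allow the backend pod port plus DNS so the service name resolves.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-to-backend-and-dns
  namespace: client-ns                   # assumed namespace name
spec:
  podSelector: {}                        # every pod in client-ns
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels: {kubernetes.io/metadata.name: backend-ns}
          podSelector:
            matchLabels: {app: my-backend}
      ports:
        - {protocol: TCP, port: 16789}
    - to:
        - namespaceSelector:
            matchLabels: {kubernetes.io/metadata.name: kube-system}
          podSelector:
            matchLabels: {k8s-app: kube-dns}   # assumed DNS pod label
      ports:
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
```

The `kubernetes.io/metadata.name` label is set automatically on namespaces by current Kubernetes releases; on older clusters, label the namespaces manually and select on that label instead.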