I am unable to define a network policy that allows an ingress controller.

Example:

Pod in namespace A
Ingress controller in namespace kube-system

Policy:

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: access-microservices
spec:
  podSelector:
    matchLabels:
      tier: microservices
  ingress:
  - from:
    - podSelector:
        matchLabels:
          tier: microservices
    - podSelector:
        matchLabels:
          tier: gateway
    - podSelector:
        matchLabels:
          tier: tools
    - namespaceSelector:
        matchLabels:
          tier: ingress

I have tested this with the following ingress controllers, attaching the label "tier: ingress":

- zlabjp/nghttpx-ingress-controller:v0.24.0
- gcr.io/google_containers/nginx-ingress-controller:0.8.3

Ingress is only working for containers that do match a network policy restriction, for example my envoy gateway. I need ingress to a pod, as my gateway does not support HTTP 1.1 websockets.

My setup is a 1.7, canal enabled, self hosted, multi-node, bootkube initialized CoreOS cluster.

Anyone else got this working?
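Added example, not part of the original post and not Kubernetes or Canal code: a simplified Python model of how a networking.k8s.io/v1 policy evaluates the `from` peers shown above, where a `podSelector` peer only selects pods in the policy's own namespace and a `namespaceSelector` peer is matched against labels on the Namespace object. It assumes the policy is created in namespace `a`; the sample pod and namespace labels are constructed.

```python
# Simplified model of NetworkPolicy ingress "from" peer matching
# (matchLabels only, one selector per peer, as in the policy above).

def labels_match(match_labels, labels):
    """A matchLabels selector matches when every key/value pair is present."""
    return all(labels.get(k) == v for k, v in match_labels.items())

def peer_allows(peer, policy_ns, src_pod, namespaces):
    """Return True if a single `from` entry admits traffic from src_pod."""
    if "podSelector" in peer:
        # A podSelector peer selects pods in the policy's own namespace only.
        return (src_pod["namespace"] == policy_ns and
                labels_match(peer["podSelector"]["matchLabels"], src_pod["labels"]))
    if "namespaceSelector" in peer:
        # Matched against the Namespace object's labels, never the pod's labels.
        ns_labels = namespaces.get(src_pod["namespace"], {})
        return labels_match(peer["namespaceSelector"]["matchLabels"], ns_labels)
    return False

def ingress_allowed(policy, policy_ns, src_pod, namespaces):
    """Peers and rules are ORed: any matching peer admits the source pod."""
    return any(peer_allows(p, policy_ns, src_pod, namespaces)
               for rule in policy["ingress"] for p in rule["from"])

# The `from` list of the access-microservices policy from the post.
POLICY = {"ingress": [{"from": [
    {"podSelector": {"matchLabels": {"tier": "microservices"}}},
    {"podSelector": {"matchLabels": {"tier": "gateway"}}},
    {"podSelector": {"matchLabels": {"tier": "tools"}}},
    {"namespaceSelector": {"matchLabels": {"tier": "ingress"}}},
]}]}

# Constructed sample pods (assumption: policy lives in namespace "a").
CONTROLLER = {"namespace": "kube-system", "labels": {"tier": "ingress"}}
GATEWAY = {"namespace": "a", "labels": {"tier": "gateway"}}

def demo():
    unlabeled_ns = {"a": {}, "kube-system": {}}
    labeled_ns = {"a": {}, "kube-system": {"tier": "ingress"}}
    return {
        "gateway": ingress_allowed(POLICY, "a", GATEWAY, unlabeled_ns),
        "controller_pod_label_only": ingress_allowed(POLICY, "a", CONTROLLER, unlabeled_ns),
        "controller_ns_labeled": ingress_allowed(POLICY, "a", CONTROLLER, labeled_ns),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'blocked'}")
```

A `namespaceSelector` peer admits every pod in a matching namespace, so a label placed on kube-system opens the selected pods to all workloads running there, not only the ingress controller.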