On Wednesday, July 19, 2017 at 5:53:18 PM UTC+3, mrpanigale wrote:
> I am unable to define a network policy that allows an ingress controller
> 
> 
> Example:
> 
> 
> Pod in namespace A
> Ingress controller in namespace kube-system
> 
> 
> Policy:
> 
> kind: NetworkPolicy
> apiVersion: networking.k8s.io/v1
> metadata:
>   name: access-microservices
> spec:
>   podSelector:
>     matchLabels:
>       tier: microservices
>   ingress:
>   - from:
>     - podSelector:
>         matchLabels:
>           tier: microservices
>     - podSelector:
>         matchLabels:
>           tier: gateway
>     - podSelector:
>         matchLabels:
>           tier: tools
>     - namespaceSelector:
>         matchLabels:
>           tier: ingress
> 
> 
> I have tested this with the following ingress controllers attaching the label 
> "tier: ingress":
> - zlabjp/nghttpx-ingress-controller:v0.24.0
> 
> - gcr.io/google_containers/nginx-ingress-controller:0.8.3
> 
> 
> 
> Ingress is only working for containers that do match a network policy 
> restriction, for example my envoy gateway.
> I need ingress to a pod, as my gateway does not support HTTP 1.1 websockets.
> 
> 
> My setup is a 1.7, canal enabled, self hosted, multi-node, bootkube 
> initialized coreos-cluster
> 
> 
> Anyone else got this working?

Hi! Did you manage to fix that? I'm facing the same issue now.
-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q&A" group.
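How the `from` peers in the quoted policy select sources under the `networking.k8s.io/v1` API, as an added example that is not part of the thread or of any project's code: a `namespaceSelector` is compared with the labels on the Namespace object, and a bare `podSelector` only covers pods in the policy's own namespace. The namespace name `a`, the label sets and the helper names are constructed for illustration; only `matchLabels` peers are modelled, ports are ignored, and the destination pod is assumed to be selected by the policy.

```python
# Added example: evaluation of NetworkPolicy v1 ingress peers (matchLabels only).
# The policy below mirrors the one quoted in the thread; everything else is constructed.
POLICY = {
    "metadata": {"name": "access-microservices"},
    "spec": {
        "podSelector": {"matchLabels": {"tier": "microservices"}},
        "ingress": [{"from": [
            {"podSelector": {"matchLabels": {"tier": "microservices"}}},
            {"podSelector": {"matchLabels": {"tier": "gateway"}}},
            {"podSelector": {"matchLabels": {"tier": "tools"}}},
            {"namespaceSelector": {"matchLabels": {"tier": "ingress"}}},
        ]}],
    },
}

def labels_match(selector, labels):
    """True when every matchLabels pair is present; an empty selector matches all."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())

def peer_allows(peer, policy_ns, src_ns, src_ns_labels, src_pod_labels):
    """Decide whether one `from` entry admits the source pod."""
    if "namespaceSelector" in peer and "podSelector" not in peer:
        # Compared against labels on the Namespace object, not on the pod.
        return labels_match(peer["namespaceSelector"], src_ns_labels)
    if "podSelector" in peer and "namespaceSelector" not in peer:
        # A bare podSelector is scoped to the namespace the policy lives in.
        return src_ns == policy_ns and labels_match(peer["podSelector"], src_pod_labels)
    raise ValueError("peer form not covered by this example")

def ingress_allowed(policy, policy_ns, src_ns, src_ns_labels, src_pod_labels):
    """True when any ingress rule of the policy admits the source pod."""
    for rule in policy["spec"].get("ingress", []):
        peers = rule.get("from")
        if not peers:  # a rule without `from` admits every source
            return True
        if any(peer_allows(p, policy_ns, src_ns, src_ns_labels, src_pod_labels)
               for p in peers):
            return True
    return False

if __name__ == "__main__":
    # Constructed case 1: controller pod carries tier=ingress, kube-system has no labels.
    print(ingress_allowed(POLICY, "a", "kube-system", {}, {"tier": "ingress"}))
    # Constructed case 2: the kube-system Namespace object carries tier=ingress.
    print(ingress_allowed(POLICY, "a", "kube-system", {"tier": "ingress"}, {}))
```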