After 1 hour of eye-straining investigation, I gave up and came here for help.
I am using a GKE free account for my own PoC.
Here is the network policy YAML:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: access-nginx
spec:
  policyTypes:
  - Ingress
  podSelector:
    matchLabels:
      season: winter
  ingress:
  - from:
    - podSelector:
        matchLabels:
          abc: granted
And here is the pod YAML:
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: my-nginx
    season: winter
  name: my-nginx
spec:
  containers:
  - image: nginx
    name: pod
    ports:
    - containerPort: 80
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
After creating both items, I created a curl pod without any label and ran:
kubectl exec pod/curl -it -- curl 10.0.7.205
The IP address 10.0.7.205 is the IP address of the my-nginx pod.
If this worked as I hoped, I should NOT be able to see the reply from the my-nginx pod. Unfortunately, the network policy does not seem to control the traffic at all for this pod.
Anyone?
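
Added example, not part of the original post: a small Python evaluator of NetworkPolicy ingress semantics, run over the policy and pod labels from the question, to show what the manifests should do when the policy is enforced. It assumes a single namespace and a simplified model (matchLabels only, no ports, ipBlock or namespaceSelector); `GRANTED_LABELS` is a hypothetical client pod.

```python
# Added example: evaluates NetworkPolicy ingress rules for pods in one namespace.
# Simplified model: matchLabels selectors only; ports, ipBlock and
# namespaceSelector peers are not modelled.

# The access-nginx policy from the question, as a Python dict.
ACCESS_NGINX = {
    "metadata": {"name": "access-nginx"},
    "spec": {
        "policyTypes": ["Ingress"],
        "podSelector": {"matchLabels": {"season": "winter"}},
        "ingress": [
            {"from": [{"podSelector": {"matchLabels": {"abc": "granted"}}}]}
        ],
    },
}

NGINX_LABELS = {"run": "my-nginx", "season": "winter"}  # from the pod manifest
CURL_LABELS = {}                                        # "without any label"
GRANTED_LABELS = {"abc": "granted"}                     # hypothetical client pod


def selector_matches(selector, labels):
    """An empty selector matches every pod; matchLabels entries are ANDed."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def ingress_allowed(policies, dst_labels, src_labels):
    """True if src may connect to dst when the policies are enforced."""
    selecting = [
        p for p in policies
        if "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and selector_matches(p["spec"].get("podSelector", {}), dst_labels)
    ]
    if not selecting:
        return True  # no policy selects dst: it is not isolated for ingress
    for policy in selecting:  # policies are additive: any matching rule allows
        for rule in policy["spec"].get("ingress", []):
            peers = rule.get("from")
            if not peers:
                return True  # a rule without "from" admits every source
            for peer in peers:
                # Only plain same-namespace podSelector peers are modelled.
                if set(peer) == {"podSelector"} and selector_matches(
                        peer["podSelector"], src_labels):
                    return True
    return False


if __name__ == "__main__":
    print("curl -> my-nginx:", ingress_allowed([ACCESS_NGINX], NGINX_LABELS, CURL_LABELS))
    print("granted -> my-nginx:", ingress_allowed([ACCESS_NGINX], NGINX_LABELS, GRANTED_LABELS))
```

Under these semantics the unlabeled curl pod is denied and only a pod labeled `abc: granted` is admitted. A NetworkPolicy object takes effect only when the cluster's network plugin enforces it; otherwise the API server accepts the object and traffic is unchanged.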