Basavraj Nilkanthe:
Hello Team, while exploring more on network policy, I can restrict access on a specific port of a container in a network policy, and this pod is exposed on a specific service port, and the container port and service port are different… I can access this pod container by the service port and it works… However, if we are restricting the pod to a specific port, how can we access that application via the (different) service port? As per the network policy restriction, we can add the container port, not the service port…
kubectl run --generator=run-pod/v1 apiserver --image=ahmet/app-on-two-ports --labels=app=apiserver
kubectl create service clusterip apiserver \
    --tcp 8001:8000 \
    --tcp 5001:5000
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: api-allow-5000
spec:
  podSelector:
    matchLabels:
      app: apiserver
  ingress:
  - ports:
    - port: 5000
    from:
    - podSelector:
        matchLabels:
          role: monitoring
$ kubectl run --generator=run-pod/v1 test-$RANDOM --labels=role=monitoring --rm -i -t --image=alpine -- sh
/ # wget -qO- --timeout=2 http://apiserver:8001
wget: download timed out
/ # wget -qO- --timeout=2 http://apiserver:5001/metrics
http.requests=3
go.goroutines=5
go.cpus=1