Francesco:
Hi guys, I have two pods and two services
test1 1/1 Running 0 60m computer = 1
test2 1/1 Running 0 59m computer = 2
service-test1 ClusterIP 10.110.124.88 <none> 80 / TCP 60m
service-test2 ClusterIP 10.102.209.8 <none> 80 / TCP 60m
I want to allow only pod (test2) with label computer = 2 to be able to connect to pod test1 with label computer = 1 on port 80
This is my manifest that fails in execution.
Do you have any suggestions?
Thanks
apiVersion: http://networking.k8s.io/v1|networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: test-allow-from-computer-2
namespace: default
spec:
podSelector:
matchLabels:
computer: 1
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
computer: 2
ports:
- protocol: TCP
port: 80
George Lazaroff:
netpol looks fine for me
George Lazaroff:
how you tested it
Francesco:
kubectl create -f file.yaml fails
George Lazaroff:
show me the output
George Lazaroff:
let me check it out
Francesco:
Error from server (BadRequest): error when creating “np.yaml”: NetworkPolicy in version “v1” cannot be handled as a NetworkPolicy: v1.NetworkPolicy.Spec: v1.NetworkPolicySpec.Ingress: []v1.NetworkPolicyIngressRule: v1.NetworkPolicyIngressRule.Ports: []v1.NetworkPolicyPort: From: []v1.NetworkPolicyPeer: v1.NetworkPolicyPeer.PodSelector: v1.LabelSelector.MatchLabels: ReadString:expects " or n, but found 2, error found in #10 byte of …|omputer":2}}}],“port|…, bigger context …|from”:[{“podSelector”:{“matchLabels”:{“computer”:2}}}],“ports”:[{“port”:80,“protocol”:“TCP”}]}],"pod|…
George Lazaroff:
your indentation is not correct
Francesco:
My problem is always the indentation and my fear is during the exam… can you post me the file with the right indentation?
Francesco:
But many on line yaml validation tool give me yaml OK …
George Lazaroff:
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
kind: NetworkPolicy
metadata:
name: ttest-allow-from-computer-2
namespace: default
spec:
podSelector:
matchLabels:
computer: "1"
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
computer: "2"
ports:
- protocol: TCP
port: 80
George Lazaroff:
also you had to put double “” for 1 and 2
George Lazaroff:
[vagrant@k8s-master ~]$ kubectl get netpol
NAME POD-SELECTOR AGE
netpol-app-db app=db 3d5h
ttest-allow-from-computer-2 computer=1 2m6s
[vagrant@k8s-master ~]$ kubectl delete netpol ttest-allow-from-computer-2
<http://networkpolicy.networking.k8s.io|networkpolicy.networking.k8s.io> "ttest-allow-from-computer-2" deleted
[vagrant@k8s-master ~]$
George Lazaroff:
it works for me
Francesco:
Now It works fine…but for me is a big issue to resolve indentation problem. What tool you suggest me?
Francesco:
However I have run my originale manifest, posted in chat, adding the “” and it worked fine. The problem so was the “” and not the indentation. Thanks a lot
Francesco:
Resolved the yaml file I have performed the connection test in this way:
kubectl exec -it test2 curl service-test1 80
works fine
kubectl exec -it test3 curl service-test1 80
works fine but I expected it to feel bad because the pod test3 label is different, not declared in the network policy. test3 1/1 Running 0 25m computer=3
Can you tell me why?
