I have the below scenario created a namespace finance and network policy that de . . .

Kubernetes-Slack Discussions
#1

Ceci Ivanov:
I have the below scenario created
a namespace finance
and network policy that denies all trafic to pods in namespace finance except from pods in the same namespace and on port 8080
How can i test if it is working, i created a pod nginx in the finance namespace and another one in default namespace but when i exec into the pod i don’t have curl installed so can’t try and talk to the pod, i used ping but seems not working even from a pod that is in the namespace(ping doesn’t get answer)
image.png

#2

Trung Tran:
if you dont have curl then install it with apt-get

#3

Ceci Ivanov:
tried it says apt-get not found

#4

Ceci Ivanov:
i exec with – sh

#5

Ceci Ivanov:
/bin/sh seems not to work either

#6

manohar:
nc -zv <hostname> <port no>

#7

Trung Tran:
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 27h
trungtran@Trungs-MacBook-Air ~ % kubectl exec -it nginx – sh
/ # curl
curl: try ‘curl --help’ or ‘curl --manual’ for more information
/ # curl http://google.com|google.com
<HTML><HEAD><meta http-equiv=“content-type” content=“text/html;charset=utf-8”>
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF=“http://www.google.com/”>here</A>.
</BODY></HTML>
/ #

#8

Trung Tran:
the nginx pod should have curl by default, I tried it locally and it worked just fine.

#9

Ceci Ivanov:
ooh wait because i ran a busybox pod… my bad

#10

Ceci Ivanov:
but i must exec that from another pod so i can see if it accepts traffic?

#11

Ceci Ivanov:
curl http://192.168.226.93:8080 it doesn’t work

#12

Ceci Ivanov:
i mean its not reaching the other nginx pod

#13

Trung Tran:
what is the internal ip of target pod, list the pod and you will see.

#14

Ceci Ivanov:
the target port (which i’m gonna curl) is 192.168.226.96 and port 8080
when i curl it with another nginx pod in the same namespace (same node) i get failed to connect…connection refused

however from pod outside the namespace i don’t get answer from curl at all so i think that the netpol is working

#15

Ceci Ivanov:
but my question is why the one pod can’t connect to the other ?

#16

Ceci Ivanov:
ooh because nginx answers only to port 80 i solved it

#17

Lakshmi Narayana Muvvala:
Busybox is good for curl

#18

Nitish Patni:
I think for namespaceSelector you need to take lable name from k describe namespace finance and take the lable from there and in network policy ingress>namespace Selector > name us that lable name.

#19

Lakshmi Narayana Muvvala:
Yes, need to update with namespace labels, mostly we don’t know that namespace also have labels