Can't communicate with pods through services


I have two deployments: one of them creates 4 replicas for php-fpm and the other is an nginx webserver exposed to the Internet through Ingress.

The problem is that I can't connect to the app service in the webserver pod! (Same issue while trying to connect to other services.) Ping result:

$ ping -c4 app.ternobo-connect
PING app.ternobo-connect (10.245.240.225): 56 data bytes

--- app.ternobo-connect ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

But the pods are individually available with their ClusterIP.

app-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    ternobo.kubernates.service: app
    ternobo.kubernates.network/app-network: "true"
  name: app
  namespace: ternobo-connect
spec:
  replicas: 4
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 50%
  selector:
    matchLabels:
      ternobo.kubernates.service: app
  template:
    metadata:
      labels:
        ternobo.kubernates.network/app-network: "true"
        ternobo.kubernates.service: app
    spec:
      containers:
        - env:
            - name: SERVICE_NAME
              value: app
            - name: SERVICE_TAGS
              value: production
          image: ghcr.io/ternobo/ternobo-connect:0.1.01
          name: app
          ports:
            - containerPort: 9000
          resources: {}
          tty: true
          workingDir: /var/www
          envFrom:
            - configMapRef:
                name: appenvconfig
      imagePullSecrets:
        - name: regsecret
      restartPolicy: Always
status: {}

app-service.yaml:

apiVersion: v1
kind: Service
metadata:
  labels:
    ternobo.kubernates.network/app-network: "true"
  name: app
  namespace: ternobo-connect
spec:
  type: ClusterIP
  ports:
    - name: "9000"
      port: 9000
      targetPort: 9000
  selector:
    ternobo.kubernates.service: app
status:
  loadBalancer: {}

network-policy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: app-network
  namespace: ternobo-connect
spec:
  podSelector: {}
  ingress:
  - {}
  policyTypes:
  - Ingress

I also tried removing the network policy, but it didn't work! I also tried changing the podSelector rules to only select services with the ternobo.kubernates.network/app-network: "true" label.


There are 1 best solutions below


Kubernetes service URLs are in the my-svc.my-namespace.svc.cluster-domain.example format; see: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#a-aaaa-records
So the ping should be:

ping -c4 app.ternobo-connect.svc.cluster.local

If the webserver is in the same namespace as the service, you can ping the service name directly:

ping -c4 app

I don't know the impact of network policy, I haven't worked with it.
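
The name forms discussed above, as an added example that is not part of the original question or answer: it lists the fully qualified names a glibc-style resolver tries for a short Service name, and checks the Service's TCP port instead of ICMP. The resolv.conf contents, the nameserver address and the cluster.local domain are constructed assumptions; the helper names are hypothetical.

```python
import socket

# Constructed sample: a typical /etc/resolv.conf for a pod in the
# ternobo-connect namespace (nameserver and cluster.local are assumptions).
SAMPLE_RESOLV_CONF = """\
nameserver 10.245.0.10
search ternobo-connect.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
"""


def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1  # resolver default is ndots:1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "search":
            search = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidate_names(name, search, ndots):
    """Names a glibc-style resolver tries, in order, for `name`."""
    if name.endswith("."):
        return [name]  # already absolute, the search list is skipped
    expanded = [f"{name}.{domain}." for domain in search]
    as_is = [name + "."]
    return as_is + expanded if name.count(".") >= ndots else expanded + as_is


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers refused, timed out and unresolvable names
        return False


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for short in ("app", "app.ternobo-connect"):
        print(short, "->", candidate_names(short, search, ndots))
    # The Service above exposes TCP port 9000, so test that port from the pod.
    print("app:9000 reachable:", tcp_reachable("app", 9000))
```

Run inside the webserver pod, replacing the sample text with the contents of the pod's own /etc/resolv.conf.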