How to use DNS services in K8s


I have both an Angular frontend and a backend running on K8s, and I need to apply a NetworkPolicy to the backend pod with the following rule: only allow ingress traffic from your frontend (in the same namespace). The issue at hand is that the front-end's call to reach the backend is done through a URL_ENV (host/path) generated by the backend's Ingress object. In this case, we cannot apply the NetworkPolicy since the communication is not happening pod to pod.

I tried to make the call using the backend service name and even with the service's DNS.


There are 1 best solutions below

xPetersue On

You can use labels to identify the frontend and backend pods.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-frontend
spec:
  podSelector:
    matchLabels:
      app: backend-app # Label to identify your backend pods
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend-app # Label to identify your frontend pods

And then ensure the labels on the pods.

# Frontend pod
metadata:
  labels:
    app: frontend-app
---
# Backend pod
metadata:
  labels:
    app: backend-app

Note: By using this NetworkPolicy, you're allowing traffic from pods labeled with app: frontend-app to access pods labeled with app: backend-app, regardless of how the frontend's calls are routed (e.g., through Ingress or service DNS).

It's similar to the AWS Security Group (sg in sg).

Reference: https://kubernetes.io/docs/concepts/services-networking/network-policies/
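An added example, not part of the answer above: a simplified Python model of how the answer's policy is matched against the source pod of a connection. The namespace name `demo`, the sample pods (including an ingress controller pod in its own namespace) and the function names are assumptions; only `matchLabels` with `podSelector` and `namespaceSelector` is modelled.

```python
# Simplified model of NetworkPolicy ingress matching (added example).
# Models matchLabels, podSelector and namespaceSelector only (no ports, ipBlock).

# The policy from the answer; the namespace name "demo" is an assumption.
POLICY = {
    "namespace": "demo",
    "podSelector": {"app": "backend-app"},
    "ingress": [{"from": [{"podSelector": {"app": "frontend-app"}}]}],
}

# Constructed sample pods and namespace labels (not from the original page).
PODS = {
    "backend": ("demo", {"app": "backend-app"}),
    "frontend": ("demo", {"app": "frontend-app"}),
    "batch": ("demo", {"app": "batch-job"}),
    "frontend-staging": ("staging", {"app": "frontend-app"}),
    "ingress-controller": ("ingress-nginx", {"app": "ingress-nginx"}),
}
NS_LABELS = {ns: {"kubernetes.io/metadata.name": ns}
             for ns in ("demo", "staging", "ingress-nginx")}

def matches(selector, labels):
    """An empty selector matches everything, as in Kubernetes."""
    return all(labels.get(k) == v for k, v in selector.items())

def peer_matches(peer, policy_ns, src_ns, src_labels):
    if "namespaceSelector" in peer:
        if not matches(peer["namespaceSelector"], NS_LABELS.get(src_ns, {})):
            return False
    elif src_ns != policy_ns:
        return False  # podSelector alone only sees the policy's own namespace
    return matches(peer.get("podSelector", {}), src_labels)

def ingress_allowed(policy, src, dst):
    """True if this policy lets pod `src` open a connection to pod `dst`."""
    (src_ns, src_labels), (dst_ns, dst_labels) = PODS[src], PODS[dst]
    if dst_ns != policy["namespace"] or not matches(policy["podSelector"], dst_labels):
        return True  # dst is not selected, so this policy does not isolate it
    for rule in policy["ingress"]:
        peers = rule.get("from")
        if not peers or any(peer_matches(p, policy["namespace"], src_ns, src_labels)
                            for p in peers):
            return True  # a rule without "from" allows every source
    return False

if __name__ == "__main__":
    for name in PODS:
        if name != "backend":
            print(f"{name:20} -> backend:", ingress_allowed(POLICY, name, "backend"))
```

A request relayed by an Ingress reaches the backend from the controller's pod, so it is evaluated with that pod's namespace and labels rather than the frontend's.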