I followed this article to check functionality of network policy
https://medium.com/better-programming/how-to-secure-kubernetes-using-network-policies-bbb940909364
Created 3 namespaces web, middleware, and database, created network policy for web and middleware exactly the same as mentioned in the article.
Instead of the following commands to create deployments
$ kubectl create deployment nginx --image=ewoutp/docker-nginx-curl -n web
$ kubectl create deployment nginx --image=ewoutp/docker-nginx-curl -n middleware
$ kubectl create deployment nginx --image=ewoutp/docker-nginx-curl -n database
I used this YAML content
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 1
selector:
matchLabels:
tier: web
template:
metadata:
labels:
tier: web
spec:
containers:
- name: nginx
image: ewoutp/docker-nginx-curl
command:
- "/bin/sh"
- "-c"
- while true; do echo $(date) >> /mnt/blob/outfile; sleep 1; done
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
As per network policy my middleware should take connections from my web namespace but It was not working.
I am getting error as following
curl: (7) Failed to connect to <middleware-ip> port 80: Connection refused
command terminated with exit code 7
I am suspecting network policies are not applied properly. Please have a look at article to get more details.
My middleware network policy is as below
