K8s: View network policies - Wed, Aug 10, 2022
This snippet is not so much a snippet as a link to a very useful page with which you can evaluate Kubernetes network policies:
Since the structure of network policies is somewhat complicated, this tool is really nice: it detects syntax errors and outputs the content of a network policy in natural language. For example, the following network policy:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: apiserver-egress
  namespace: test
spec:
  egress:
  - ports:
    - port: 6443
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          name: kube-system
      podSelector:
        matchLabels:
          component: kube-apiserver
  podSelector:
    matchLabels:
      app.kubernetes.io/name: nginx-ingress-controller
  policyTypes:
  - Egress
evaluates to the following description:
Policy 1 - apiserver-egress
Egress
Allows pods in namespace test with labels app.kubernetes.io/name:
nginx-ingress-controller to connect to pods with labels component:
kube-apiserver in namespaces with labels name: kube-system on port TCP 6443
Unfortunately it does not yet work vice versa ;-)
P.S.: The network policy above was intended to allow an nginx controller to connect to the API server. Unfortunately this does not work with selectors but only with IP blocks…
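
The IP-block form the P.S. refers to, as an added example that is not part of the original post: the same policy with the selector-based `to` entry replaced by an `ipBlock`. The CIDR is a placeholder from the documentation address range, and it is an assumption here that the API server is reachable on port 6443 as in the policy above.

```yaml
# Added example: egress to the API server by address instead of by selectors.
# 192.0.2.10/32 is a placeholder; replace it with the API server address(es)
# of your cluster, for example as listed by:
#   kubectl get endpoints kubernetes -n default
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: apiserver-egress
  namespace: test
spec:
  # Pods this policy applies to (unchanged from the policy above).
  podSelector:
    matchLabels:
      app.kubernetes.io/name: nginx-ingress-controller
  policyTypes:
  - Egress
  egress:
  - ports:
    - port: 6443
      protocol: TCP
    to:
    # One /32 entry per API server endpoint keeps the rule as narrow as the
    # selector version was meant to be; avoid whole-subnet CIDRs here.
    - ipBlock:
        cidr: 192.0.2.10/32   # placeholder address
```

Pasting this into the evaluation page and comparing its description with the one above is a quick check that only the destination changed.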