missing dash before ports #50012
Comments
This issue is currently awaiting triage. SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
I don't think this issue is correct. Maybe we should use a different example policy, but the change you're proposing looks like the wrong fix. /priority awaiting-more-evidence
I think maybe we shouldn't use port 53 UDP as an example. People are liable to try adapting this, and may then wonder why DNS doesn't work in that namespace.
Check out the "NetworkPolicy Namespace Selector" scenario from https://killercoda.com/killer-shell-cka/scenario/networkpolicy-namespace-communication
@cindyhu-gd, are you talking about this example from here:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - ipBlock:
        cidr: 172.17.0.0/16
        except:
        - 172.17.1.0/24
    - namespaceSelector:
        matchLabels:
          project: myproject
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 6379
  egress:
  - to:
    - ipBlock:
        cidr: 10.0.0.0/24
    ports:
    - protocol: TCP
      port: 5978
```
When allowing outgoing DNS traffic on port 53 TCP and UDP, a dash character should be placed before ports (see the snippet below); otherwise, it won't take effect.
For example, without a dash in front of ports, a DNS name like microservice1.space2.svc.cluster.local cannot be resolved.
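
What the dash changes structurally, as an added example that is not part of the issue or of the Kubernetes documentation: within one egress rule `to` and `ports` are ANDed, while separate list items are ORed. The policy names, the `space1` namespace and the namespace label selector are assumptions; `space2` is taken from the DNS name above.

```yaml
# Constructed example; names, namespaces and labels are assumptions.
# Form A: "ports" is part of the same egress rule as "to" (AND).
# Allowed by this policy: port 53 TCP/UDP to pods in namespace space2 only.
# Queries to the cluster DNS pods (typically in kube-system) are not matched.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-one-rule
  namespace: space1
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: space2
    ports:
    - protocol: TCP
      port: 53
    - protocol: UDP
      port: 53
---
# Form B: the dash starts a second egress rule (rules are ORed).
#   rule 1: no "ports" -> every port, to pods in namespace space2
#   rule 2: no "to"    -> port 53 TCP/UDP, to every destination
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-two-rules
  namespace: space1
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: space2
  - ports:
    - protocol: TCP
      port: 53
    - protocol: UDP
      port: 53
```

Form B is strictly broader than Form A: it opens every port toward `space2` and port 53 toward any address. If only cluster DNS should be reachable on port 53, give the second rule its own `to` selector for the DNS pods.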