Locking down network traffic between Kubernetes namespaces #13968
Unanswered
devops-newbee asked this question in Help
Replies: 0 comments
Controlling traffic via linkerd.txt
We have an AWS EKS shared cluster on version 1.31. Linkerd-edge version edge-25.4.4 is implemented. 2 namespaces are in scope: labtest and labtest-drm. In the labtest ns, there is a pod, data-manager, which should only accept traffic from another pod (gateway) in the same ns.
But when we curl the pod (data-manager) from the labtest-drm ns, we get a response. Ideally that should not be the case.
Below are the Server/AuthorizationPolicy and MeshTLSAuthentication custom resource YAMLs for the labtest ns.
Inter-namespace communication is enabled.
In the namespace object we enabled the inter-namespace communication as:
namespace: labtest:
    cross_namespace_traffic_ingress = [
      {
        namespace = "labtest-drm"
        ports = ["8080", "443", "80"]
      },
    ]
    egress_rule_port_numbers = [8194]
namespace: labtest-drm
    cross_namespace_traffic_egress = [
      {
        namespace = "labtest"
        ports = ["8080", "443", "80"]
      }
    ]
    egress_rule_port_numbers = [8194]
Attached are the Linkerd custom resources and curl output.
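For reference, a minimal Linkerd policy set that expresses the intent described in the question (data-manager accepts traffic only from gateway in labtest). This is an added example, not the poster's attached resources, which are not shown on this page. Assumptions: the data-manager pod carries the label `app: data-manager` and listens on port 8080, and the gateway pod runs under a ServiceAccount named `gateway`; the resource names are hypothetical.

```yaml
# Added example. Labels, port, ServiceAccount and resource names are assumed.
apiVersion: policy.linkerd.io/v1beta3
kind: Server
metadata:
  name: data-manager-http        # hypothetical name
  namespace: labtest
spec:
  # Must match the data-manager pod's labels and port exactly. A pod/port
  # that no Server selects falls back to the default inbound policy.
  podSelector:
    matchLabels:
      app: data-manager          # assumed label
  port: 8080                     # assumed; a named container port also works
  proxyProtocol: HTTP/1
  accessPolicy: deny             # reject anything no AuthorizationPolicy allows
---
apiVersion: policy.linkerd.io/v1alpha1
kind: MeshTLSAuthentication
metadata:
  name: gateway-only             # hypothetical name
  namespace: labtest
spec:
  # A single ServiceAccount identity. A "*" entry under `identities` would
  # instead admit every meshed client, including those in labtest-drm.
  identityRefs:
    - kind: ServiceAccount
      name: gateway              # assumed ServiceAccount of the gateway pod
      namespace: labtest
---
apiVersion: policy.linkerd.io/v1alpha1
kind: AuthorizationPolicy
metadata:
  name: data-manager-from-gateway   # hypothetical name
  namespace: labtest
spec:
  targetRef:
    group: policy.linkerd.io
    kind: Server
    name: data-manager-http
  requiredAuthenticationRefs:
    - group: policy.linkerd.io
      kind: MeshTLSAuthentication
      name: gateway-only
```

When comparing against this, the points to check are that the Server actually selects the data-manager pod and the port being curled, and that every AuthorizationPolicy targeting that Server (or the whole namespace) references only the gateway identity.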