When a deployment is associated with a ServiceAccount and the cluster-admin ClusterRole, can this deployment access a Pod under a Deployment in a different namespace, which contains an active NetworkPolicy that prevents incoming network access from outside this namespace?
Currently, I can reach the Pod in question through its PodIP and FQDN from its own namespace; however, I fail to achieve the same with the deployment that has the cluster-admin ClusterRole associated with itself.
This deployment is able to e.g. change any container’s image tag in that cluster, but it can neither access a Pod through its PodIP nor through its FQDN.
Do I need to make an exception in the NetworkPolicy for the access to be allowed? (Not preferred)
Or can I modify the cluster-admin associated deployment to bypass the NetworkPolicy? (Preferred)
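
NetworkPolicy is enforced on Pod traffic by the cluster's network plugin, while RBAC roles such as cluster-admin only authorize requests to the Kubernetes API, so the exception the question mentions has to be expressed in the policy itself. The manifest below is an added example, not part of the original post, showing a same-namespace-only ingress rule next to a narrowly scoped exception. The namespace names, the Pod label and the port are assumptions.

```yaml
# Added example; every name, label and port here is hypothetical.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-namespace-plus-admin-tool   # hypothetical policy name
  namespace: target-ns                   # hypothetical: namespace of the protected Pod
spec:
  podSelector: {}                        # applies to every Pod in target-ns
  policyTypes:
    - Ingress
  ingress:
    # Rule 1: the behaviour the post describes, ingress only from
    # Pods in the policy's own namespace.
    - from:
        - podSelector: {}
    # Rule 2: the exception. namespaceSelector and podSelector sit in the
    # SAME list item, so both must match (logical AND): only Pods labelled
    # app=cluster-tool in the namespace named "tools" are admitted.
    - from:
        - namespaceSelector:
            matchLabels:
              # Label set automatically on every namespace by Kubernetes.
              kubernetes.io/metadata.name: tools   # hypothetical namespace
          podSelector:
            matchLabels:
              app: cluster-tool                    # hypothetical Pod label
      # Limit the exception to the one port the caller needs.
      ports:
        - protocol: TCP
          port: 8080                               # hypothetical port
```

Writing the two selectors as separate list items under `from` would turn the AND into an OR and admit every Pod in the `tools` namespace as well as every `app=cluster-tool` Pod in `target-ns`.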