How to correctly apply a NetworkPolicy when Pod -> PV-PVC -> Pod

luisvillarreal · July 24, 2021, 3:45am

I have a Pod running NFS, a Service to have a fixed url to place in a PV, a PVC bound to the PV, and finally another Pod that volume mounts this PVC. All in the same Namespace (except for the PV obviously).

My intent is to not allow Pods to mount an NFS that doesn’t belong to their namespace.

Followed this recipe to deny all outter-namespace ingress

Deny all outter-namespace ingress

Then labeled the PV to treat it as an outter-namespace Pod and allowed traffic from all namespaces, but specific labels.

None of them worked.

Cluster information:

Kubernetes version: 1.18.17
Cloud being used: GCP
Installation method: GKE
Host OS: Ubuntu

Topic		Replies	Views
Struggling with Network Policy General Discussions network	2	1260	March 15, 2024
Kubernetes network policy not getting applied General Discussions	1	610	September 28, 2018
How can I isolate pods in namespace using NetworkPolicy without disabling external traffic to Kubernetes pods General Discussions network	6	3239	December 8, 2023
Seeking Simplified Approaches for Common Kubernetes Network Policy Use Cases General Discussions	0	78	March 17, 2024
Ingress internal between VM and Namespace General Discussions	0	246	October 2, 2023

How to correctly apply a NetworkPolicy when Pod -> PV-PVC -> Pod

Cluster information:

Related Topics