I have a Pod running NFS, a Service to have a fixed URL to place in a PV, a PVC bound to the PV, and finally another Pod that volume mounts this PVC. All in the same Namespace (except for the PV obviously).
My intent is to not allow Pods to mount an NFS that doesn’t belong to their namespace.
Followed this recipe to deny all outer-namespace ingress.
Then labeled the PV to treat it as an outer-namespace Pod and allowed traffic from all namespaces, but specific labels.
None of them worked.
Kubernetes version: 1.18.17
Cloud being used: GCP
Installation method: GKE
Host OS: Ubuntu