IBM-Cloud / kube-samples

Network Policies not applied in Kube-System ns #243

Open chakravarthi2u opened 1 year ago

chakravarthi2u commented 1 year ago

Hi All,

We are using the Calico network policy solution, and except for the kube-system ns, all other namespaces are working fine, controlling traffic according to the network policies defined.

Right now, the kube-system ns is allowing only an all-allow network policy, and if we define any custom network policy, I am getting 502 bad gateway with a [502][socket hang up][ECONNRESET] error.

Are there any restrictions IKS will apply on the kube-system ns to not allow network policies?

bradbehle commented 1 year ago

I'm not sure of the context of this question. If it is related to IBM Cloud Kubernetes Service, I would not recommend applying your own policies to kube-system, since that namespace runs many pods (like Calico, coredns, ...) that are essential for the cluster to function properly. If you are going to apply policies specifically to kube-system, you would need to understand all the network connections that all the pods in that namespace require.