honestica / lifen-charts

Helm charts maintained by Lifen (awx / squid / kube-iptables-tailer / neuvector / looker)
MIT License

Logging network policy should not block traffic #54

Closed elcomtik closed 2 years ago

elcomtik commented 3 years ago

I just installed this chart and found that the applied netpol is blocking all communication in the cluster. This includes kube-iptables-tailer communications to DNS and the Kubernetes API.

According to the blog https://monzo.com/blog/we-built-network-isolation-for-1-500-services the logging network policy may be defined like this https://images.ctfassets.net/ro61k101ee59/58MFyU3MhVfHkyzhtHFBUG/674d381610a1f69a47b397659e956391/Screenshot_2019-11-04_at_14.09.57.png?w=656&q=90

We should add action: Allow and order: xxxx, greater than the default value for native netpols (networking.k8s.io/v1), so that this rule does not block any traffic. I personally would also like to remove the TCP/UDP specification, because I think this should be defined with native k8s netpols.

Would you accept a PR which resolves this?
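The change proposed above, as a constructed Calico GlobalNetworkPolicy pair that is not taken from the chart: the first form is an assumed reconstruction of a Log-only policy, the second adds the Allow rule and an order value above the one Calico assigns to Kubernetes NetworkPolicies (1000); the policy names and the order value 2000 are placeholders.

```yaml
# Constructed "before" (assumed, not the chart's manifest): logs everything it
# selects, but has no Allow rule. Calico's Log action keeps evaluating, and an
# endpoint selected by a policy in which no rule matches is denied, so every
# pod matched by selector: all() loses DNS and API access.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: log-all-traffic-before   # placeholder name
spec:
  selector: all()
  types:
    - Ingress
    - Egress
  ingress:
    - action: Log
  egress:
    - action: Log
---
# Constructed "after": same logging, followed by an explicit Allow, and ordered
# behind the Kubernetes NetworkPolicies (Calico evaluates those at order 1000,
# lower order first) so they keep precedence over this rule.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: log-all-traffic-after    # placeholder name
spec:
  order: 2000                    # placeholder; anything greater than 1000
  selector: all()
  types:
    - Ingress
    - Egress
  ingress:
    - action: Log
    - action: Allow
  egress:
    - action: Log
    - action: Allow
```

Because the Allow rule now sits behind the Kubernetes policies, traffic those policies do not explicitly allow falls through to it rather than to the implicit deny, so the selector and order deserve review in a cluster that relies on default-deny isolation.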

mtparet commented 3 years ago

Hello @elcomtik, indeed, the installation of the logging network policy should not block any traffic. Thanks for pointing out the solution. PR is welcome!

ashish1099 commented 2 years ago

I have pushed a PR: https://github.com/honestica/lifen-charts/pull/72