Description
Hello everyone!
I face a problem regarding the network policies analyzed by kube-score. I receive a CRITICAL issue in the output of kube-score that says I don't have a network policy attached to my pods. The trick is that I do have network policies attached to my pods, and I can see that in my OpenShift under the Network Tab. And also, the network policies are correctly applied and tested.
Here is the implementation:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-backend-to-services
spec:
  podSelector:
    matchLabels:
      policy: backend-service
  ingress:
    - ports:
        - protocol: TCP
          port: xxxx
```
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-v1
  labels:
    app: backend-v1
spec:
  {{- if not .Values.autoscaling.backend.enabled }}
  replicas: {{ .Values.replicaCount.backend }}
  {{- end }}
  selector:
    matchLabels:
      app: backend-v1
  template:
    metadata:
      {{- with .Values.podAnnotations.backend }}
      annotations: {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        app: backend-v1
        name: backend-v1
        policy: backend-service
```
The issue from the kube-score is this:
```
[CRITICAL] Pod NetworkPolicy
    · The pod does not have a matching NetworkPolicy
        Create a NetworkPolicy that targets this pod to control who/what
        can communicate with this pod. Note, this feature needs to be
        supported by the CNI implementation used in the Kubernetes cluster
        to have an effect.
```
Can you help me understand what I am doing wrong?
Originally posted by @StefanDima14 in #652
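For checking manifests like the two above offline, the following added example (not part of the original post and not kube-score's code) evaluates whether a NetworkPolicy selects a workload's pod template under the Kubernetes API rules, and reports whether `policyTypes` was declared in the file or would only be filled in by API-server defaulting. It goes beyond the post's `matchLabels` case by also handling `matchExpressions`; the dict manifests are constructed from the post's YAML, port `8080` stands in for the redacted `xxxx`, and an unset namespace is assumed to mean `default`.

```python
# Added example: NetworkPolicy-to-pod selection as the Kubernetes API defines it.
# POLICY and DEPLOYMENT are constructed from the manifests in the post (Helm directives dropped).

def selector_matches(selector, labels):
    """LabelSelector semantics: all requirements must hold; an empty selector matches everything."""
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, op, values = expr["key"], expr["operator"], expr.get("values") or []
        present = key in labels
        if (op == "In" and labels.get(key) not in values) or \
           (op == "NotIn" and present and labels[key] in values) or \
           (op == "Exists" and not present) or (op == "DoesNotExist" and present):
            return False
    return True

def effective_policy_types(spec):
    """Return (types, explicit). Unset policyTypes defaults to Ingress, plus Egress if egress rules exist."""
    if spec.get("policyTypes"):
        return set(spec["policyTypes"]), True
    return ({"Ingress", "Egress"} if spec.get("egress") else {"Ingress"}), False

def coverage(workload, policies):
    """List (name, types, explicit) for every policy that selects the workload's pod template."""
    labels = workload["spec"]["template"]["metadata"].get("labels") or {}
    ns = workload["metadata"].get("namespace", "default")  # assumption: unset means "default"
    hits = []
    for pol in policies:
        if pol["metadata"].get("namespace", "default") != ns:
            continue  # a NetworkPolicy only selects pods in its own namespace
        if selector_matches(pol["spec"].get("podSelector") or {}, labels):
            hits.append((pol["metadata"]["name"], *effective_policy_types(pol["spec"])))
    return hits

POLICY = {
    "metadata": {"name": "allow-backend-to-services"},
    "spec": {"podSelector": {"matchLabels": {"policy": "backend-service"}},
             "ingress": [{"ports": [{"protocol": "TCP", "port": 8080}]}]},  # 8080 is a placeholder
}
DEPLOYMENT = {
    "metadata": {"name": "backend-v1", "labels": {"app": "backend-v1"}},
    "spec": {"template": {"metadata": {"labels": {
        "app": "backend-v1", "name": "backend-v1", "policy": "backend-service"}}}},
}

if __name__ == "__main__":
    for name, types, explicit in coverage(DEPLOYMENT, [POLICY]):
        print(name, sorted(types), "declared" if explicit else "defaulted by the API server")
```

A file-based check sees only what the manifest states, so the namespace and `policyTypes` it works with are the written values, not the ones the cluster would default.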