I want to do chaos testing, and I want to inject azure redis failure. So, I need to block my service pod to access the azure redis on port 90000 (not http/https protocol). I tried the networkPolicy, AuthorizationPolicy, but both didn't work. Also tried the ServiceEntry, it can change the dns to a fake ipaddress, but after I remove the serviceEntry, the redisclient in my service can't find it and can't restore, so it looks like the serviceentry can't satisfy my requirement. I tried AuthorizationPolicy to block the access from pod to pod, it worked fine. So can I use AuthorizationPolicy to implement it? I tried the below yaml, it didn't work: apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: restrict-by-ip namespace: my namespace spec: selector: matchLabels: app: myapp action: DENY rules:
- to:
- operation: ports: ["9000"] hosts: ["redishost"]
Who can give some comments? Thanks!