How can I block a k8s service (pod) from accessing an external azure redis?

28 views Asked by At

I want to do chaos testing, and I want to inject azure redis failure. So, I need to block my service pod to access the azure redis on port 90000 (not http/https protocol). I tried the networkPolicy, AuthorizationPolicy, but both didn't work. Also tried the ServiceEntry, it can change the dns to a fake ipaddress, but after I remove the serviceEntry, the redisclient in my service can't find it and can't restore, so it looks like the serviceentry can't satisfy my requirement. I tried AuthorizationPolicy to block the access from pod to pod, it worked fine. So can I use AuthorizationPolicy to implement it? I tried the below yaml, it didn't work: apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: restrict-by-ip namespace: my namespace spec: selector: matchLabels: app: myapp action: DENY rules:

  • to:
    • operation: ports: ["9000"] hosts: ["redishost"]

Who can give some comments? Thanks!

0

There are 0 answers