Hi,
I want to allow external access to the ClusterIP of specific services.
I tried the following, but the rule is created with Pod IPs.

apiVersion: crd.projectcalico.org/v1
kind: GlobalNetworkPolicy
metadata:
  name: rook-ceph-allow-cluster-ip
spec:
  order: 10
  applyOnForward: true
  ingress:
  - action: Allow
    destination:
      namespaceSelector: namespace.cluster.local.io == 'rook-ceph'
      selector: app == 'rook-ceph-mon'
  preDNAT: true
  selector: has(host-endpoint)

Name: cali40s:wDHQoEWkVYY1xFSxA1sTwvL
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1048576
Size in memory: 640
References: 1
Number of entries: 3
Members:
172.25.173.219 (Pod IP)
172.19.15.237 (Pod IP)
172.25.173.211 (Pod IP)