Network policy in Kubernetes not working in different namespaces

Question

I followed this article to check functionality of network policy

https://medium.com/better-programming/how-to-secure-kubernetes-using-network-policies-bbb940909364

Created 3 namespaces web, middleware, and database, created network policy for web and middleware exactly the same as mentioned in the article.

Instead of the following commands to create deployments

$ kubectl create deployment nginx --image=ewoutp/docker-nginx-curl -n web

$ kubectl create deployment nginx --image=ewoutp/docker-nginx-curl -n middleware

$ kubectl create deployment nginx --image=ewoutp/docker-nginx-curl -n database

I used this YAML content

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      tier: web
  template:
     metadata:
       labels:
        tier: web
  spec:
     containers:
       - name: nginx
         image: ewoutp/docker-nginx-curl
         command:
           - "/bin/sh"
           - "-c" 
           - while true; do echo $(date) >> /mnt/blob/outfile; sleep 1; done

strategy:
   rollingUpdate:
   maxSurge: 0
  maxUnavailable: 1
  type: RollingUpdate

As per network policy my middleware should take connections from my web namespace but It was not working.

I am getting error as following

curl: (7) Failed to connect to <middleware-ip> port 80: Connection refused
command terminated with exit code 7

I am suspecting network policies are not applied properly. Please have a look at article to get more details.

My middleware network policy is as below

Answer 1

Exit Code 7 means your prog is not running.

In essence, it means within your Application Pod nginx is not able to respond on port 80 because process is getting killed for some reason.

So correct your application image/ deployment, and it should work as intended.