The NetworkPolicy brakes access to the service

[behoof4mind]

Hello,

We have noticed that the default network policy do not allow to have connections towards gdscan.

# Source: vaas/templates/gdscan/networkpolicy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: gdscan
  labels:
    helm.sh/chart: vaas-2.4.0
    app.kubernetes.io/name: gdscan
    app.kubernetes.io/instance: gdata-vaas
    app.kubernetes.io/namespace: default
    app.kubernetes.io/managed-by: Helm
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: gdscan
      app.kubernetes.io/instance: gdata-vaas
      app.kubernetes.io/namespace: default
  policyTypes:
  - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: gateway
      ports:
        - port: 8080 # Upload

But to make service work we also need access to gdscan from our application. So to achieve it we use our custom policy which have additional selector fields:

  - from:
    - podSelector:
        matchLabels:
          app.kubernetes.io/instance: gdata-vaas
          app.kubernetes.io/name: gateway
    - namespaceSelector:
        matchLabels:
          app.kubernetes.io/part-of: <OUR_APP_NAME>
      podSelector:
        matchLabels:
          app.kubernetes.io/component: <OUR_APP_COMPONENT>
          app.kubernetes.io/instance: <OUR_APP_NAME>

Correct me if I am wrong, but application need to have TCP connection not only to the Gateway, but to the Gdscan as well.