Rancher ver: 2.0.6
I found that if a namespace is put into a Project, Rancher will automatically create a NetworkPolicy for that namespace, which only allows network traffic between Pods which are in the same Project.
It’s very frustrating that if I try to install a service mesh framework such as Istio or Linkerd, and I put their namespaces into a Project, and then, things break!
So I’m wondering is there any method or workaround to allow network traffic across Projects?
Using Flannel in the meantime would resolve the issue as well.
@superseb Thanks for quick reply, I deployed a HA rancher cluster on bare metals so I guess already have Calico and Flannel running?
Using Flannel in the meantime would resolve the issue as well
Actually I can’t catch your point here, what should I do?
By default, you will get Canal which enforces the isolation of projects and it will be possible to disable this in the next release.
If you want to have it resolved for you, you can create a cluster with Flannel as network provider, this will not have network policies enabled.
@superseb I see, thanks a lot