Enable rsync in Kubernetes with the Right Network Policies
The pod is up. The rsync command waits. But nothing moves.
Kubernetes Network Policies can make or break your data transfer workflows. When they block rsync, jobs stall, deployments fail, and timelines slip. The fix is not guesswork—it’s precise configuration.
Network Policies in Kubernetes are rules that control how pods communicate with each other and external services. By default, if Network Policies are applied without the right permissions, rsync traffic can be dropped. Rsync uses TCP, usually on port 22 for SSH, or custom ports when configured differently. If those ports are not allowed in your NetworkPolicy YAML, rsync will fail silently.
To enable rsync with Kubernetes Network Policies:
- Identify the source pod and destination pod or service.
- Determine the exact ports used by rsync.
- Update NetworkPolicies to allow ingress and egress rules for those ports and the required namespace or labels.
- Apply and test immediately using
kubectl execandrsynccommands.
Example NetworkPolicy snippet to permit rsync over SSH:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-rsync
namespace: your-namespace
spec:
podSelector:
matchLabels:
app: target-app
ingress:
- from:
- podSelector:
matchLabels:
app: source-app
ports:
- protocol: TCP
port: 22
egress:
- to:
- podSelector:
matchLabels:
app: target-app
ports:
- protocol: TCP
port: 22
policyTypes:
- Ingress
- Egress
Always set both ingress and egress rules. One-way permission is not enough. Test with small files before running production rsync jobs. Keep your Network Policies under version control to track changes.
Security remains intact—Network Policies still block unwanted connections—but rsync moves freely where it is allowed. This balance keeps clusters stable and jobs reproducible.
You can configure this and see it in action without waiting for a full deployment cycle. Visit hoop.dev and get your Kubernetes Network Policy + rsync setup live in minutes.