Kubernetes Network Policies for Allowing Sqlplus Connections
The pod crashes. Traffic stops. You check the logs, but the network is a wall. Kubernetes Network Policies decide what talks and what stays silent. Sqlplus needs to connect, but policy blocks it cold.
Kubernetes Network Policies are rules enforced at the pod level. They control ingress and egress. If your Sqlplus client runs inside a pod, you must define policies that allow it to reach the database. Without them, packets drop. Connections fail.
First, verify the namespace. Network Policies are namespaced, and once a default-deny policy is in place in that namespace, it stops everything unless you open specific ports and destinations. For Sqlplus, that usually means TCP traffic to port 1521 for Oracle databases.
Create a manifest with kind: NetworkPolicy. Use podSelector to select the client pod running Sqlplus. Add policyTypes for Egress, and Ingress if needed. Under egress, specify to with an ipBlock or namespaceSelector pointing to the database. Match ports to 1521. This keeps traffic tight and precise.
Example snippet:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: sqlplus-egress
  namespace: oracle-client
spec:
  podSelector:
    matchLabels:
      app: sqlplus
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 10.0.0.5/32
      ports:
        - protocol: TCP
          port: 1521
Apply the manifest. Test with Sqlplus inside the pod:
kubectl exec -it sqlplus-pod -- sqlplus user/pass@dbhost/service
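If the connection works, the Network Policy is correct. If not, inspect the database endpoint and the namespace isolation rules, and check that dbhost resolves: the policy above permits only TCP 1521 to 10.0.0.5, so DNS lookups from the pod are blocked unless another policy allows them.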
When scaling, avoid wildcard CIDRs or broad namespace selectors unless essential. The tighter the policy, the smaller the attack surface. Document every port and IP allowed.
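One way to check a policy against this advice, as an added example that is not part of the original article: it lists every destination and port an egress policy allows and flags wildcard CIDRs, empty namespace selectors, rules without ports, and a missing DNS rule. The helper name `audit_egress`, the 256-address threshold and the sample policy are constructed for illustration; the check assumes cluster DNS on port 53 and ignores named ports and endPort ranges.

```python
import ipaddress
import json

# Constructed sample: the article's sqlplus-egress policy plus one deliberately
# broad rule, in the JSON shape of `kubectl get networkpolicy -o json`.
SAMPLE_POLICY = json.loads("""
{"metadata": {"name": "sqlplus-egress", "namespace": "oracle-client"},
 "spec": {"podSelector": {"matchLabels": {"app": "sqlplus"}},
          "policyTypes": ["Egress"],
          "egress": [
            {"to": [{"ipBlock": {"cidr": "10.0.0.5/32"}}],
             "ports": [{"protocol": "TCP", "port": 1521}]},
            {"to": [{"ipBlock": {"cidr": "0.0.0.0/0"}},
                    {"namespaceSelector": {}}]}]}}
""")


def audit_egress(policy, max_addresses=256):
    """Return (allowed, findings) for one NetworkPolicy dict (hypothetical helper)."""
    allowed, findings = [], []
    spec = policy["spec"]
    # If policyTypes is omitted, Egress applies only when egress rules are present.
    types = spec.get("policyTypes") or (["Egress"] if "egress" in spec else [])
    if "Egress" not in types:
        return allowed, ["policy does not restrict egress"]
    for i, rule in enumerate(spec.get("egress", [])):
        ports = [(p.get("protocol", "TCP"), p.get("port")) for p in rule.get("ports", [])]
        if not ports:
            findings.append(f"rule {i}: no ports listed, every port is allowed")
        peers = rule.get("to", [])
        if not peers:
            findings.append(f"rule {i}: no peers listed, every destination is allowed")
            allowed.append(("ANY", ports or "ALL"))
        for peer in peers:
            dest = json.dumps(peer, sort_keys=True)
            if "ipBlock" in peer:
                dest = peer["ipBlock"]["cidr"]
                if ipaddress.ip_network(dest, strict=False).num_addresses > max_addresses:
                    findings.append(f"rule {i}: broad CIDR {dest}")
            elif peer.get("namespaceSelector") == {}:
                findings.append(f"rule {i}: empty namespaceSelector matches every namespace")
            allowed.append((dest, ports or "ALL"))
    # Once egress is restricted, DNS needs its own rule or hostnames stop resolving.
    dns_ok = any(p == "ALL" or any(n == 53 for _, n in p) for _, p in allowed)
    if not dns_ok:
        findings.append("no rule allows port 53: DNS lookups from this pod will fail")
    return allowed, findings
```

The `allowed` list doubles as the documented record of every destination and port the policy opens.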
Kubernetes Network Policies give you control. Sqlplus needs those gates opened with precision. Build only the routes you require. Strip away everything else.