Can anyone explain what the specified - podSelector: {} in the -from section rul . . .

Ceci Ivanov:
can anyone explain what the specified

  • podSelector: {} in the -from section rule does?
    image.png

manohar:
It has to be kept blank if internal namepsace pods do not have any label

manohar:
@Ceci Ivanov since the NetworkPolicy is going to get apply on internal namespace , in Pod selector it is looking for specific pods where it can match the labels… if you want to allow for all pods then also I think keep it blank

manohar:
Also in example namespaceSelector and podSelector are forming OR expression since those are different array items…
It says that allow access to all pods in internal namespace on 9000 port number from
all the pods in namespacecorp-net or all the pods in current namespace i.e. internal

Shwetha:
Try applying this netpol on your cluster and then describe it. It contains the readable format of its effect.

unnivkn:
Hi @Ceci Ivanov you may try this to visualize: https://editor.cilium.io/?id=FDNlII1yLL1dDdeZ

manohar:
This is really nice @unnivkn