Bansi:
Can anyone help with the below two questions?
Make sure traffic coming from Pods of Namespace “A” from port 80 can access all pods in Namespace “B”.
Edit pod with port 80 and name HTTP. Create service for HTTP.
Thank you
Mohamed Ayman:
Which lab you have your questions in ?
The following manifest restricts traffic to only pods in namespaces that has label purpose=production. Save it to web-allow-prod.yaml and apply to the cluster:
kind: NetworkPolicy
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
metadata:
name: web-allow-prod
spec:
podSelector:
matchLabels:
app: web
ingress:
- from:
- namespaceSelector:
matchLabels:
purpose: production
Pradeep:
@Bansi the second question that you asked. At Pod.spec.containers
ports:
- name: http
containerPort: 80
Pradeep:
To create service, http here refers to the name of the port. So, you can just give --port=80 in the imperative command. Assuming, you want to expose your service externally - I am using service of type - NodePort
k expose deploy deployment-name --name service-name --port=80 --type=NodePort
Bansi:
@Pradeep I was unsure if we can provide a name when creating service. So I guess we cannot provide name for service but just the port
Bansi:
@Mohamed Ayman Thank you I did come across this example. I was wondering if there is a way we can specify the namespace even under the below section as the question was all pods from one namespace to another namespace.
spec:
podSelector:
matchLabels:
app: web
Mohamed Ayman:
Check all the examples and scenarios here:
https://github.com/ahmetb/kubernetes-network-policy-recipes