Deepak Ladwa:
Hi All,
For Mock 3 Exam - Q5 -
Any idea why the below rule will not work? Thanks.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-nptest
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: np-test-1
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}
    ports:
    - port: 80
      protocol: TCP
Nimesh Kumar:
I think the pod selector needs to be empty here; that would mean that all pods are selected.
Deepak Ladwa:
{} also signifies all pods, right?
Mohamed Ayman:
Check the following:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-nptest
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: np-test-1
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}
    ports:
    - protocol: TCP
      port: 80
  - ports:
    - protocol: TCP
      port: 53
    - protocol: UDP
      port: 53
Deepak Ladwa:
No, it's not working. Also, the solution from KK mentions only port 80. Somehow I think the from clause needs to be defined differently.
Deepak Ladwa:
@Mohamed Ayman
Also, I was trying one more scenario to allow traffic only from a particular pod.
- default policy set to deny all (default NS)
- created nginx pod & svc. -l run=nginx
- created one more pod (testnp) in the default NS. -l env=prod
But with the below NP, packets are not reaching the nginx pod from the testnp pod. Can you please help me figure out what the issue is? Thanks!
apiVersion: networking.k8s.io/v1
metadata:
  name: web-allow-prod
spec:
  podSelector:
    matchLabels:
      run: nginx
  ingress:
  - from:
    - podSelector:
        matchLabels:
          env: prod
    ports:
    - protocol: TCP
      port: 80
controlplane $ kubectl exec -it testnp -- /bin/sh
/ # nc -z -v -w 2 nginx 80