
Deepak Ladwa:
Hi All,

For Mock 3 Exam - Q5 -

Any idea why the below rule will not work? Thanks.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-nptest
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: np-test-1
  policyTypes:

Nimesh Kumar:
I think the pod selector needs to be empty here; that would mean that all pods are selected.

Deepak Ladwa:
{} also signifies all pods, right?

Mohamed Ayman:
Check the following:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-nptest
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: np-test-1
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}
    ports:
    - protocol: TCP
      port: 80
 
  - ports:
    - protocol: TCP
      port: 53
    - protocol: UDP
      port: 53

Deepak Ladwa:
No, it's not working. Also, the solution from KK only mentions port 80. Somehow I think the from clause needs to be defined differently.

Deepak Ladwa:
@Mohamed Ayman
Also, I was trying one more scenario to allow traffic only from a particular pod.

  1. default policy set to deny all (default NS)
  2. created nginx pod & svc. -l run=nginx
  3. created one more pod (testnp) in the default NS. -l env=prod

But with the below NP, packets are not reaching the nginx pod from the testnp pod. Can you please help me figure out what the issue is? Thanks!
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-prod
spec:
  podSelector:
    matchLabels:
      run: nginx
  ingress:
  - from:
    - podSelector:
        matchLabels:
          env: prod
    ports:
    - protocol: TCP
      port: 80

controlplane $ kubectl exec -it testnp -- /bin/sh
/ # nc -z -v -w 2 nginx 80

Mrudul Palvankar:
Have a look at this https://github.com/ahmetb/kubernetes-network-policy-recipes