I am trying to create a network policy for the following conditions, but it does not seem to work. What am I doing wrong? Any help is much appreciated.

- create a network policy in namespace project-e
- the policy should allow all pods in namespace project-app to connect to port 8000 of Pods in namespace project-e
- the policy should not allow access to pods that don't listen on port 8000
- the policy does not allow access from pods that are not in namespace project-app

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: project-e
spec:
  podSelector:
    matchLabels: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: project-app
        - podSelector:
            matchLabels: {}
      ports:
        - protocol: TCP
          port: 8000
```

CodePudding user response:
Since you want to allow all the pods from the namespace which has a label "name: project-app" to namespace project-e, you can remove the `matchLabels: {}` in `podSelector` as follows:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: project-e
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: project-app
        - podSelector: {}
      ports:
        - protocol: TCP
          port: 8000
```

- Make sure namespace project-app has a label `name: project-app`. Otherwise change it to the appropriate label in the above manifest.
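
Added example, not part of the question, the answer or Kubernetes itself: a small Python model of how the `from` list in the manifests above is evaluated, showing that entries in the list are ORed, so a separate `- podSelector: {}` entry also admits every pod in project-e. It assumes only empty selectors and `matchLabels` (no `matchExpressions`, no `ipBlock`); the function names, policy dictionaries and sample sources are hypothetical and constructed for illustration.

```python
# Minimal model of NetworkPolicy ingress peer matching (assumption: only
# empty selectors and matchLabels are modelled, and the policy's own
# podSelector {} already selects the destination pod).

def selects(selector, labels):
    """An empty selector ({}) matches everything; every matchLabels pair must be present."""
    return all(labels.get(k) == v for k, v in (selector.get("matchLabels") or {}).items())

def peer_matches(peer, policy_ns, src_ns, src_ns_labels, src_pod_labels):
    """Selectors inside ONE `from` entry are ANDed."""
    if "namespaceSelector" in peer:
        if not selects(peer["namespaceSelector"], src_ns_labels):
            return False
    elif src_ns != policy_ns:
        # A podSelector without a namespaceSelector only covers the policy's own namespace.
        return False
    return selects(peer.get("podSelector", {}), src_pod_labels)

def ingress_allowed(policy, src_ns, src_ns_labels, src_pod_labels, port, protocol="TCP"):
    """Entries in the `from` list are ORed; the rule's ports apply to every peer."""
    for rule in policy["ingress"]:
        port_ok = any(p["port"] == port and p.get("protocol", "TCP") == protocol
                      for p in rule["ports"])
        peer_ok = any(peer_matches(peer, policy["namespace"], src_ns, src_ns_labels, src_pod_labels)
                      for peer in rule["from"])
        if port_ok and peer_ok:
            return True
    return False

PORTS = [{"protocol": "TCP", "port": 8000}]
APP_NS = {"namespaceSelector": {"matchLabels": {"name": "project-app"}}}

# The `from` list as posted above: two separate entries.
TWO_PEERS = {"namespace": "project-e",
             "ingress": [{"from": [APP_NS, {"podSelector": {}}], "ports": PORTS}]}
# Variant with only the namespaceSelector entry.
ONE_PEER = {"namespace": "project-e", "ingress": [{"from": [APP_NS], "ports": PORTS}]}

# Constructed sample sources: (namespace, namespace labels, pod labels)
FROM_APP = ("project-app", {"name": "project-app"}, {"app": "web"})
FROM_E = ("project-e", {"name": "project-e"}, {"app": "db"})
FROM_OTHER = ("default", {}, {"app": "x"})

if __name__ == "__main__":
    for name, policy in (("two peers", TWO_PEERS), ("one peer", ONE_PEER)):
        for src in (FROM_APP, FROM_E, FROM_OTHER):
            print(name, src[0], ingress_allowed(policy, *src, port=8000))
```

With the two-entry list, a pod in project-e reaches port 8000 even though it is not in project-app; with the single `namespaceSelector` entry it does not.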
