network policy - Kubernetes : Allow traffic from one namespace to pods listening on one port-CodePudding

I am trying to create a network policy for the following conditions but does not seem to work. What am I doing wrong? Any help is much appreciated

create a network policy namespace project-e
the policy should allow all pods in namespace project-app to connect to port 8000 of Pods in namespace project-e
the policy should not allow access to pods that don't listen on port 8000
the policy does not allow access from pods that are not in namespace project-app

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: project-e
spec:
  podSelector:
    matchLabels: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: project-app
    - podSelector:
        matchLabels: {}
    ports:
    - protocol: TCP
      port: 8000

CodePudding user response：

since you want to allow all the pods from namespace which has a label "name: project-app" to namespace project-e.
You can remove the the matchLables:{} in podSelector as following :

kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: project-e
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: project-app
    - podSelector: {}
    ports:
    - protocol: TCP
      port: 8000

Make sure namespace project-app has a label name: project-app. Otherwise change it to appropriate label in above manifest.