Ceci Ivanov:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: np1
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: nginx
  ingress:
  - from:
    - podSelector:
        matchLabels:
          run: busybox
    ports:
    - protocol: TCP
      port: 80
  policyTypes:
  - Ingress
mjv:
in 1st netpol you have 1 rule which allows inbound traffic only
from pods with label run=busybox
via port 80
so only that inbound traffic is allowed
in 2nd netpol you have 2 rules
one rule is allowing pods with defined label (on any
port) and another rule is allowing incoming traffic over port 80
(so you can use pods with some other labels or without labels at all)
you can update name on 2nd netpol to np2 and compare the output of describe cmd
k describe netpol np1
and k describe netpol np2
$ k describe netpol
Name: np1
Namespace: default
Created on: 2022-11-09 15:00:51 +0000 UTC
Labels: <none>
Annotations: <none>
Spec:
  PodSelector: run=nginx
  Allowing ingress traffic:
    To Port: 80/TCP
    From:
      PodSelector: run=busybox
  Not affecting egress traffic
  Policy Types: Ingress

Name: np2
Namespace: default
Created on: 2022-11-09 15:04:05 +0000 UTC
Labels: <none>
Annotations: <none>
Spec:
  PodSelector: run=nginx
  Allowing ingress traffic:
    To Port: <any> (traffic allowed to all ports)
    From:
      PodSelector: run=busybox
    ----------
    To Port: 80/TCP
    From: <any> (traffic not restricted by source)
  Not affecting egress traffic
  Policy Types: Ingress
Ceci Ivanov:
thank you