Ceci Ivanov:
can anyone explain what the specified
- podSelector: {} in the -from section rule does?
manohar:
It has to be kept blank if internal namepsace pods do not have any label
manohar:
@Ceci Ivanov since the NetworkPolicy is going to get apply on internal namespace , in Pod selector it is looking for specific pods where it can match the labels… if you want to allow for all pods then also I think keep it blank
manohar:
Also in example namespaceSelector and podSelector are forming OR expression since those are different array items…
It says that allow access to all pods in internal namespace on 9000 port number from
all the pods in namespacecorp-net or all the pods in current namespace i.e. internal
Shwetha:
Try applying this netpol on your cluster and then describe it. It contains the readable format of its effect.
unnivkn:
Hi @Ceci Ivanov you may try this to visualize: https://editor.cilium.io/?id=FDNlII1yLL1dDdeZ