doubt about a network policy question - could someone help me?

twotwok40 · July 13, 2022, 6:32am

I answered this question, but I’m not sure if it’s correct, could someone help me?
create a new network policy named allow-port-from-namespace in the existing namespace fubar
ensure that the new networkpolicy allows pods in namespace internal to connect to port 9000 of pods in namespace fubar
futher ensure that the new networkpolicy

does not allow access to pods, which don’t listen on port 9000
does not allow access from pods, which are not in namespace internal

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-port-from-namespace
  namespace: fubar
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: internal
      ports:
        - protocol: TCP
          port: 9000

twotwok40 · July 13, 2022, 11:11am

anyone could help me ?

Tej-Singh-Rana · July 13, 2022, 11:31am

Where did you get this question?

Tej-Singh-Rana · July 13, 2022, 11:47am

Just noticed. This is not satisfying the above network policy.
Where is this pod deployed?

Tej-Singh-Rana · July 13, 2022, 11:57am

twotwok40:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-port-from-namespace
  namespace: fubar
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: internal
      ports:
        - protocol: TCP
          port: 9000

This netpol doing the below work. If I am not wrong,

All the pods on the “fubar” namespace can receive traffic on port 9000 from all the pods of the namespace with the label “kubernetes.io/metadata.name: internal”.

hakan_deliyurek · July 21, 2023, 9:03pm

I have been searching for the solution for this question but it seems no one answers it in the exam. Only 4%.