Abdul Rahim barry:
Hello,
For Exercise 1 of the Mock Exam 2 on the network policy, according to the statement of the exercise I do not understand the proposed resolution.
I proposed this resolution
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
kind: NetworkPolicy
metadata:
name: allow-redis-access
namespace: prod-x12cs
spec:
podSelector:
matchLabels:
run: redis-backend
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
name: prod-yx13cs
- podSelector:
matchLabels:
backend: prod-x12c
The reason I do not put the port, because it is not indicate on the exercise
kodekloud offers this solution that the reason does not understand
Thanks for your help
unnivkn:
@Abdul Rahim barry please have a look on this:
unnivkn:
controlplane $ k get po,svc -n prod-x12cs --show-labels
NAME READY STATUS RESTARTS AGE LABELS
pod/redis-backend 1/1 Running 0 3m36s run=redis-backend
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE LABELS
service/redis-backend ClusterIP 10.98.222.52 <none> 6379/TCP 3m35s <none>
controlplane $
controlplane $
controlplane $ k get ns --show-labels
NAME STATUS AGE LABELS
default Active 34m <none>
kube-node-lease Active 34m <none>
kube-public Active 34m <none>
kube-system Active 34m <none>
prod-x12cs Active 5m9s function=redis-backend
prod-yx13cs Active 5m8s access=redis
sahara Active 7m55s <none>
controlplane $
===================================================
controlplane $ cat 1.yaml
apiVersion: http://networking.k8s.io/v1|networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-redis-access
namespace: prod-x12cs
spec:
podSelector:
matchLabels:
run: redis-backend
policyTypes:
- Ingress
ingress:
- from:
- podSelector: {}
namespaceSelector:
matchLabels:
access: redis
- podSelector:
matchLabels:
backend: prod-x12cs
controlplane $
===================================================
unnivkn:
fyi: port is optional
Abdul Rahim barry:
Thank you for your answer, I now understood how to use the namespaceSelector.
It’s perfect
