Hi everyone,
I’m currently working on Task #3 out of 5 in the Kubernetes Networking lab on KodeKloud, and I’ve encountered an issue with passing it. The task requires creating a NetworkPolicy that allows the database pod to receive ingress traffic on port 3306 specifically from the website pod.
The solution provided in the lab was as follows:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-website-ingress-to-database
  namespace: database
spec:
  podSelector:
    matchLabels:
      role: database
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              role: website
        - podSelector:
            matchLabels:
              role: website
      ports:
        - protocol: TCP
          port: 3306
  policyTypes:
    - Ingress
```
However, I believe this configuration may not fully align with the requirements. The namespaceSelector and podSelector should ideally be under the same from block, as shown below:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-website-ingress-to-database
  namespace: database
spec:
  podSelector:
    matchLabels:
      role: database
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              role: website
          podSelector: # using AND instead of OR
            matchLabels:
              role: website
      ports:
        - protocol: TCP
          port: 3306
  policyTypes:
    - Ingress
```
In theory, this version should allow only traffic from pods labeled role: website in the namespace labeled role: website, aligning with the task’s requirement. But when I used this solution, I couldn’t pass the test.
It seems the lab may be looking for the specific structure of the provided solution. Has anyone else encountered this?
Thank you in advance!
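Added example, not part of the original post or the lab: a small Python model of how Kubernetes evaluates the `from` list in the two manifests above (separate list entries are ORed, selectors inside one entry are ANDed, and a `podSelector` on its own only looks inside the policy's namespace). The source pods, their namespace names and the `role: cache` label are constructed for illustration; the port rule is the same in both manifests and is not modelled.

```python
# Evaluates the `from` peers of one NetworkPolicy ingress rule (matchLabels only;
# matchExpressions and ipBlock are not handled).
POLICY_NS = "database"  # namespace the policy is created in (from the manifests)

def labels_match(selector, labels):
    """Empty selector matches everything; otherwise every matchLabels pair must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_allows(peer, src):
    """Selectors inside ONE `from` entry are ANDed together."""
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None:
        # podSelector alone only selects pods in the policy's own namespace.
        return (pod_sel is not None and src["ns"] == POLICY_NS
                and labels_match(pod_sel, src["pod_labels"]))
    if not labels_match(ns_sel, src["ns_labels"]):
        return False
    # namespaceSelector alone selects every pod in the matching namespaces.
    return pod_sel is None or labels_match(pod_sel, src["pod_labels"])

def ingress_allowed(peers, src):
    """Separate entries in the `from` list are ORed."""
    return any(peer_allows(p, src) for p in peers)

WEBSITE = {"matchLabels": {"role": "website"}}
TWO_ENTRIES = [{"namespaceSelector": WEBSITE}, {"podSelector": WEBSITE}]  # first manifest
ONE_ENTRY = [{"namespaceSelector": WEBSITE, "podSelector": WEBSITE}]      # second manifest

def source(ns, ns_labels, pod_labels):
    return {"ns": ns, "ns_labels": ns_labels, "pod_labels": pod_labels}

# Constructed source pods; namespace names and the extra labels are assumptions.
SOURCES = {
    "website pod in website ns": source("website", {"role": "website"}, {"role": "website"}),
    "cache pod in website ns": source("website", {"role": "website"}, {"role": "cache"}),
    "website pod in database ns": source("database", {"role": "database"}, {"role": "website"}),
    "website pod in unlabelled ns": source("staging", {}, {"role": "website"}),
}

def evaluate(peers):
    """Map each constructed source to whether the rule admits it."""
    return {name: ingress_allowed(peers, src) for name, src in SOURCES.items()}

if __name__ == "__main__":
    for name in SOURCES:
        print(f"{name:30} two entries: {evaluate(TWO_ENTRIES)[name]!s:5} "
              f"one entry: {evaluate(ONE_ENTRY)[name]}")
```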