Hello everyone,
I have encountered an issue while working on Task #4 out of 5 in the Kubernetes Networking lab on KodeKloud. This task requires creating a NetworkPolicy that allows the database pod to receive ingress traffic on port 3306 from the backup pod in the backup-system namespace.
The solution provided in the lab is as follows:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-backup-ingress-to-database
  namespace: database
spec:
  podSelector:
    matchLabels:
      app: database
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          role: backup-system
    - podSelector:
        matchLabels:
          role: backup-system
    ports:
    - protocol: TCP
      port: 3306
  policyTypes:
  - Ingress
```
However, my solution is structured like this:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-backup-ingress-to-database
  namespace: database
spec:
  podSelector:
    matchLabels:
      role: database
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          role: backup-system
      podSelector: # use AND instead of OR
        matchLabels:
          role: backup # use backup instead of backup-system
    ports:
    - protocol: TCP
      port: 3306
  policyTypes:
  - Ingress
```
In this case, the namespace is indeed labeled as backup-system, but the pods within that namespace are labeled with role=backup, as confirmed by running:
```
kubectl get pods -n backup-system --show-labels
```
Given this discrepancy, I am uncertain why my solution did not pass the test while the provided solution included a podSelector with a label that does not exist.
If anyone has encountered a similar issue or can offer insight into this situation, I would greatly appreciate your assistance! Thank you!
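
The difference between the two `from` blocks in the post above, as an added example that is not part of the original post or the lab: a small Python evaluator for ingress peers, covering `matchLabels` only. The source pods, the `app: debug` label and the namespace carrying `role: backup-system` are constructed assumptions; the policy's own `spec.podSelector` and the port rule are not modeled.

```python
# Added example: evaluate NetworkPolicy ingress "from" peers (matchLabels only).

def labels_match(selector, labels):
    # Every matchLabels entry must be present; an empty selector matches all.
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())

def peer_allows(peer, policy_ns, src):
    # Selectors inside ONE "from" item are ANDed.
    if "namespaceSelector" in peer:
        if not labels_match(peer["namespaceSelector"], src["ns_labels"]):
            return False
    elif src["ns"] != policy_ns:
        # A podSelector on its own only sees pods in the policy's namespace.
        return False
    return labels_match(peer.get("podSelector", {}), src["pod_labels"])

def ingress_allows(policy, src):
    # Separate "from" items (each starting with "-") are ORed.
    ns = policy["metadata"]["namespace"]
    return any(peer_allows(peer, ns, src)
               for rule in policy["spec"]["ingress"] for peer in rule["from"])

def make_policy(peers):
    return {"metadata": {"namespace": "database"},
            "spec": {"ingress": [{"from": peers}]}}

NS_SEL = {"namespaceSelector": {"matchLabels": {"role": "backup-system"}}}
# Two list items, as in the lab's solution: namespace match OR pod match.
TWO_ITEMS = make_policy(
    [NS_SEL, {"podSelector": {"matchLabels": {"role": "backup-system"}}}])
# One list item, as in the poster's solution: namespace match AND pod match.
ONE_ITEM = make_policy(
    [{**NS_SEL, "podSelector": {"matchLabels": {"role": "backup"}}}])

# Constructed source pods (assumptions, not taken from the lab cluster).
BACKUP_NS = {"role": "backup-system"}
SOURCES = {
    "backup pod": {"ns": "backup-system", "ns_labels": BACKUP_NS,
                   "pod_labels": {"role": "backup"}},
    "other pod in backup-system": {"ns": "backup-system", "ns_labels": BACKUP_NS,
                                   "pod_labels": {"app": "debug"}},
    "pod in database ns": {"ns": "database", "ns_labels": {},
                           "pod_labels": {"role": "backup-system"}},
}

def verdicts(policy):
    return {name: ingress_allows(policy, src) for name, src in SOURCES.items()}

if __name__ == "__main__":
    for label, pol in (("two items (OR)", TWO_ITEMS), ("one item (AND)", ONE_ITEM)):
        print(label, verdicts(pol))
```

With these constructed sources, the two-item form admits every pod in the labeled namespace plus any `role=backup-system` pod in `database`, while the one-item form admits only the `role=backup` pod in the labeled namespace.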