Hello team,
I am trying the Namespace-Based Isolation with Kubernetes Network Policies.
Here is the ask:
Create a new, single network policy called allow-beta-logger-1 that would allow pods with label role=logger-1 from only the beta-logger namespace to the beta-prod namespace.
What I understand here is that a pod from beta-logger, with namespace label function=logging, should only connect to the pod in beta-prod.
I'm not able to understand the solution provided here, as it says either namespace or pod with label.
Could you please have a look?
Thanks.
If I understand you correctly, then this is your yaml file:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-beta-logger-1
  namespace: beta-prod
spec:
  podSelector:
    matchLabels:
      role: logger-1
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: beta-logger
      podSelector:
        matchLabels:
          role: logger-1
    ports:
    - protocol: TCP
      port: CHANGE_PORT_NUMBER
```
Thanks for sharing the YAML file. I'm also able to create the same, but the solution provided has either option in the From section; that is what confused me.
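The difference between the two shapes of the `from` section discussed in this thread, as an added example that is not part of any post above: a small Python model of how a NetworkPolicy picks allowed source pods. The pod names, the `default` namespace and the helper functions are constructed for illustration; the selectors are the ones from the YAML in the thread.

```python
# Added example: models how a NetworkPolicy ingress `from` list picks source pods.
POLICY_NS = "beta-prod"  # namespace the policy is created in (from the thread)
NS_LABELS = {  # constructed namespace labels
    "beta-logger": {"kubernetes.io/metadata.name": "beta-logger"},
    "beta-prod": {"kubernetes.io/metadata.name": "beta-prod"},
    "default": {"kubernetes.io/metadata.name": "default"},
}
PODS = [  # constructed source pods: (name, namespace, labels)
    ("logger", "beta-logger", {"role": "logger-1"}),
    ("other", "beta-logger", {"role": "web"}),
    ("local-logger", "beta-prod", {"role": "logger-1"}),
    ("stray-logger", "default", {"role": "logger-1"}),
]

def matches(selector, labels):
    """matchLabels semantics: every key/value in the selector must be present."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_allows(peer, ns, labels):
    """One `from` entry: selectors inside the same entry are ANDed."""
    if "namespaceSelector" in peer:
        if not matches(peer["namespaceSelector"], NS_LABELS[ns]):
            return False
    elif ns != POLICY_NS:
        # A podSelector on its own only selects pods in the policy's namespace.
        return False
    return "podSelector" not in peer or matches(peer["podSelector"], labels)

def allowed_sources(from_list):
    """Separate entries of the `from` list are ORed."""
    return sorted(name for name, ns, labels in PODS
                  if any(peer_allows(peer, ns, labels) for peer in from_list))

NS_SEL = {"matchLabels": {"kubernetes.io/metadata.name": "beta-logger"}}
POD_SEL = {"matchLabels": {"role": "logger-1"}}

# One list item holding both selectors (no dash before podSelector), as in the YAML above.
AND_FORM = [{"namespaceSelector": NS_SEL, "podSelector": POD_SEL}]
# Two list items (a dash before each selector).
OR_FORM = [{"namespaceSelector": NS_SEL}, {"podSelector": POD_SEL}]

if __name__ == "__main__":
    print("AND form admits:", allowed_sources(AND_FORM))
    print("OR form admits: ", allowed_sources(OR_FORM))
```

With two list items, every pod in beta-logger is admitted regardless of its labels, and so is any role=logger-1 pod already inside beta-prod; with one list item, only role=logger-1 pods from beta-logger are.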