Solution for this question

Create a new NetworkPolicy named allow-port-from-namespace in the existing namespace fubar.
Ensure that the new NetworkPolicy allows Pods in namespace internal to connect to port 9000 of Pods in namespace fubar.
Further ensure that the new NetworkPolicy:
✑ does not allow access to Pods, which don’t listen on port 9000
✑ does not allow access from Pods, which are not in namespace internal

I used the below yml file for np creation and three pods in playlabs for testing purposes:
1. nginx in default ns
2. nginx in ns fubar listening on port 9000
3. nginx in ns internal

But it doesn't work.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-port-from-namespace
namespace: fubar
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:

Hi @mohamedmans007 ,

Let’s first format your YAML file:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
    name: allow-port-from-namespace
    namespace: fubar
spec:
    podSelector: {}
    policyTypes:
        - Ingress
    ingress:
        - from:
            - namespaceSelector:
                matchLabels:
                    kubernetes.io/metadata.name: internal
          ports:
            - protocol: TCP
              port: 80
             

If the format below is correct, it means you authorize any pod in namespace internal to connect to any pod in namespace fubar on port 80.

But in the statement, the port should be 9000, not 80.

Thanks. Even if I change the port, the pods in ns internal are not connecting to pods in ns fubar on port 9000.
I created three pods with image nginx in the 1. default ns / 2. ns fubar exposed to 9000 / 3. ns internal

While running the command below, it's showing an error:

k exec nginx -n internal -- curl <ip of the pod in ns fubar>

Hi @mohamedmans007 ,

Please refer to this blog post:

and this one

Nobody bothered to post the solution for this question? From searches, this question appears in the CKA since 2020.
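
Added example, not part of any post in this thread: a simplified Python model of how the ingress rule in the formatted policy above is evaluated, run for the thread's three test namespaces with the port set to 80 and then to 9000. It models only `podSelector`, `namespaceSelector.matchLabels` and TCP `ports`; the function names and the Pod label `run: nginx` are assumptions.

```python
# Added example: simplified model of NetworkPolicy ingress evaluation.
# Handles only podSelector, namespaceSelector.matchLabels and TCP ports.

# Constructed sample data: labels of the three namespaces used in the thread.
NS_LABELS = {ns: {"kubernetes.io/metadata.name": ns}
             for ns in ("default", "fubar", "internal")}

def make_policy(port):
    """The thread's policy in manifest shape; only the port varies."""
    return {
        "metadata": {"name": "allow-port-from-namespace", "namespace": "fubar"},
        "spec": {
            "podSelector": {},  # empty selector: every Pod in fubar
            "policyTypes": ["Ingress"],
            "ingress": [{
                "from": [{"namespaceSelector": {"matchLabels": {
                    "kubernetes.io/metadata.name": "internal"}}}],
                "ports": [{"protocol": "TCP", "port": port}],
            }],
        },
    }

def labels_match(selector, labels):
    """matchLabels: every listed key/value must be present; {} matches all."""
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())

def ingress_allowed(policy, src_ns, dst_ns, dst_pod_labels, dst_port):
    spec = policy["spec"]
    selected = (policy["metadata"]["namespace"] == dst_ns
                and labels_match(spec["podSelector"], dst_pod_labels))
    if not selected or "Ingress" not in spec["policyTypes"]:
        return True  # Pod is not isolated by this policy
    for rule in spec["ingress"]:
        peer_ok = any(labels_match(p["namespaceSelector"], NS_LABELS[src_ns])
                      for p in rule["from"])
        port_ok = any(p["port"] == dst_port for p in rule["ports"])
        if peer_ok and port_ok:  # peer AND port must match in the same rule
            return True
    return False  # isolated Pod, no rule matched: traffic is dropped

def thread_checks(policy_port):
    """Who can reach the nginx Pod in fubar, and on which port?"""
    pol, pod = make_policy(policy_port), {"run": "nginx"}  # label is assumed
    return {f"{src}->{port}": ingress_allowed(pol, src, "fubar", pod, port)
            for src, port in (("internal", 9000), ("internal", 80),
                              ("default", 9000), ("fubar", 9000))}

print("port 80:  ", thread_checks(80))
print("port 9000:", thread_checks(9000))
```

On a real cluster the policy is enforced only when the CNI plugin implements NetworkPolicy, and a connectivity test has to target port 9000 on a Pod that actually listens there.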