Not sure what I did wrong. Created NP as per guidelines, still did not work. My answer was considered wrong.
Please help
Your policy is incorrect. There is a very subtle difference between what is shown in your screenshot and the given answer to the left.
Please help in resolving, I tried many things…
You don’t see the issue?
Your solution
    - from:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: default
      - podSelector:
          matchLabels:
            app: cyan-white-cka28-trb
Given solution
    - from:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: default
        podSelector:
          matchLabels:
            app: cyan-white-cka28-trb
Still don’t see it?
OK, I got it. Thanks for pointing it out, will check and get back.
Know the following
- namespaceSelector and podSelector: ANDed together / ORed together.
Your solution reads as follows:
ALL pods in namespace default
-OR-
ANY pod with label app=cyan-white-cka28-trb in CURRENT namespace (namespace where the policy is created)
This is why cyan-black-cka28-trb still has access - because it matches "ALL pods in namespace default". If a rule does not have a namespace selector, then it applies to the namespace where the policy is created.
Given solution reads
Pods in namespace default
-AND-
has label app=cyan-white-cka28-trb
Therefore only that pod can access.
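The difference explained above, as an added example that is not part of the original thread: a small Python model of how ingress "from" peers are matched, run against both policies. The namespace name policy-ns, the label on cyan-black-cka28-trb and the third pod are assumptions made for the illustration, and only matchLabels is modelled.

```python
"""Model of NetworkPolicy ingress "from" peers (matchLabels only; constructed data)."""

def labels_match(selector, labels):
    # Every matchLabels pair must be present; an empty selector matches all.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_allows(peer, src, policy_ns, ns_labels):
    # Selectors inside ONE list item are ANDed.
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None:
        # No namespaceSelector: only pods in the policy's own namespace qualify.
        if src["namespace"] != policy_ns:
            return False
    elif not labels_match(ns_sel, ns_labels[src["namespace"]]):
        return False
    # No podSelector next to a namespaceSelector: every pod in those namespaces.
    return pod_sel is None or labels_match(pod_sel, src["labels"])

def ingress_allowed(peers, src, policy_ns, ns_labels):
    # Separate list items under "from" are ORed.
    return any(peer_allows(p, src, policy_ns, ns_labels) for p in peers)

POLICY_NS = "policy-ns"  # assumed name of the namespace holding the policy
NS_LABELS = {
    "default": {"kubernetes.io/metadata.name": "default"},
    POLICY_NS: {"kubernetes.io/metadata.name": POLICY_NS},
}
NS_SEL = {"matchLabels": {"kubernetes.io/metadata.name": "default"}}
POD_SEL = {"matchLabels": {"app": "cyan-white-cka28-trb"}}

TWO_PEERS = [{"namespaceSelector": NS_SEL}, {"podSelector": POD_SEL}]  # "- podSelector"
ONE_PEER = [{"namespaceSelector": NS_SEL, "podSelector": POD_SEL}]     # "podSelector"

PODS = {
    "white": {"namespace": "default", "labels": {"app": "cyan-white-cka28-trb"}},
    "black": {"namespace": "default", "labels": {"app": "cyan-black-cka28-trb"}},  # assumed label
    # Hypothetical pod: same label as "white" but in the policy's own namespace.
    "local": {"namespace": POLICY_NS, "labels": {"app": "cyan-white-cka28-trb"}},
}

def verdicts(peers):
    return {name: ingress_allowed(peers, pod, POLICY_NS, NS_LABELS)
            for name, pod in PODS.items()}

if __name__ == "__main__":
    print("two list items (OR): ", verdicts(TWO_PEERS))
    print("one list item (AND): ", verdicts(ONE_PEER))
```

With two list items every sample pod is admitted, including cyan-black-cka28-trb; with one list item only the pod that is both in default and labelled app=cyan-white-cka28-trb gets through.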
The question actually has a typo in the pod name: in the lab env there is no cyan-white-cka28-trb1 pod created, but the pod name is cyan-white-cka28-trb. This can be fixed by your team.
I have reported the typo.
Thanks