What's the netpol solution for this?

Task

Create a new NetworkPolicy named allow-port-from-namespace in the existing namespace fubar.

Ensure that the new Network Policy allows Pods in namespace internah to connect to port 9280/tcp of Pods in namespace internah to fubar.

Further ensure that the new NetworkPolicy:

- does not allow access to Pods, which don’t listen on port 9200/tcp
- does not allow access from Pods, which are not in namespace internal


apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-port-from-namespace
  namespace: fubar
spec:
  podSelector:
    matchLabels: {}
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: internah
    ports:
    - protocol: TCP
      port: 9280
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          name: internah
    ports:
    - protocol: TCP
      port: 9200

OR


apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-port-from-namespace
  namespace: fubar
spec:
  podSelector:
    matchLabels: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: internah
    ports:
    - protocol: TCP
      port: 9280

The wording of the question suggests only an ingress policy is required, since it mentions nothing about preventing pods in namespace fubar from accessing anything.

Therefore the second one is correct, since your ingress policy is correct in both, but an egress policy is not requested.
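
To check what the ingress-only manifest actually admits, here is an added example (not code from either poster): a simplified Python model of NetworkPolicy ingress evaluation, run against the second manifest. It handles `matchLabels` only, and the namespace labels passed to it are constructed. It shows that the rule matches only when the source namespace really carries the label `name: internah`, and only on the port written in the manifest.

```python
# Added example: simplified model of NetworkPolicy ingress evaluation.
# Supports matchLabels only (no matchExpressions, ipBlock, named ports, endPort).
POLICY = {  # the second (ingress-only) manifest from the question, as a dict
    "metadata": {"name": "allow-port-from-namespace", "namespace": "fubar"},
    "spec": {
        "podSelector": {"matchLabels": {}},
        "policyTypes": ["Ingress"],
        "ingress": [{
            "from": [{"namespaceSelector": {"matchLabels": {"name": "internah"}}}],
            "ports": [{"protocol": "TCP", "port": 9280}],
        }],
    },
}

def selects(selector, labels):
    """An empty selector matches everything; otherwise every label must match."""
    want = (selector or {}).get("matchLabels") or {}
    return all(labels.get(k) == v for k, v in want.items())

def peer_matches(peer, policy_ns, src_ns, src_ns_labels, src_pod_labels):
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None and pod_sel is None:
        return False  # ipBlock peers are out of scope for this model
    # A podSelector on its own only reaches pods in the policy's own namespace.
    ns_ok = selects(ns_sel, src_ns_labels) if ns_sel is not None else src_ns == policy_ns
    return ns_ok and (pod_sel is None or selects(pod_sel, src_pod_labels))

def ingress_allowed(policy, dst_ns, dst_pod_labels, src_ns, src_ns_labels,
                    src_pod_labels, port, protocol="TCP"):
    spec = policy["spec"]
    policy_ns = policy["metadata"]["namespace"]
    isolated = (dst_ns == policy_ns
                and "Ingress" in spec.get("policyTypes", ["Ingress"])
                and selects(spec.get("podSelector"), dst_pod_labels))
    if not isolated:
        return True  # pod not selected: this policy places no restriction on it
    for rule in spec.get("ingress") or []:
        peers, ports = rule.get("from"), rule.get("ports")
        src_ok = not peers or any(
            peer_matches(p, policy_ns, src_ns, src_ns_labels, src_pod_labels) for p in peers)
        port_ok = not ports or any(
            p.get("protocol", "TCP") == protocol and p.get("port") == port for p in ports)
        if src_ok and port_ok:
            return True
    return False

if __name__ == "__main__":  # constructed source namespace labels
    print(ingress_allowed(POLICY, "fubar", {}, "internah", {"name": "internah"}, {}, 9280))
```

A namespace does not get a `name` label automatically; the label Kubernetes sets on every namespace is `kubernetes.io/metadata.name`, so either label the namespace to match the selector or select on that key.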