0
votes

I have two types of pods A and B

Pod Type A

apiVersion: v1
kind: Pod
metadata:
  name: A
  labels:
    environment: production
spec:
...

Pod Type B

apiVersion: v1
kind: Pod
metadata:
  name: B
  labels:
    environment: production
spec:
...

And a NetworkPolicy (still don't know the proper way to use podselection)

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
spec:
  podSelector: {"A", "B"}
  policyTypes:
  - Ingress
  - Egress

Question: How do I define a single NetworkPolicy to limit traffic to only A & B pods (both ingress & egress) using a 'NetworkPolicy' in Kubernetes?

References used: https://kubernetes.io/docs/concepts/services-networking/network-policies/

1
If you want to use name then you probably want to use matchExpressions instead - Alex W
I'm not familiar with 'matchExpression'. What section of the manifest would this be in? - JumbledCode
Same section (spec.podSelector.matchExpressions), here's an example in the documentation - Alex W
You can see it if you look at the API reference: kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/… (this is dependent on your k8s version, this link is for v1.20) - Alex W
Thanks for pointing me in the right direction - JumbledCode

1 Answer

4
votes

Pod selectors do not have an OR condition on labels. The solution will be to create a common label in both pods - a and b - and use a pod selector on that common label.

In your question, you should use environment: production as a label to select the correct pods. A pod selector works on labels and not the name of the pod.
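
The approach from the answer above, written out as a manifest. This is an added example, not part of the original answer; the policy name `production-only` is hypothetical, and it assumes both pods run in the namespace where the policy is created.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: production-only        # hypothetical name
spec:
  # Select the pods this policy applies to by label, not by pod name.
  # Both pod A and pod B carry environment: production.
  podSelector:
    matchLabels:
      environment: production
  policyTypes:
  - Ingress
  - Egress
  # Allow inbound traffic only from pods with the same label.
  # A bare podSelector here matches pods in the policy's own namespace.
  ingress:
  - from:
    - podSelector:
        matchLabels:
          environment: production
  # Allow outbound traffic only to pods with the same label.
  # Every other destination is denied for the selected pods, including
  # the cluster DNS service, so lookups by service name will fail unless
  # a separate egress rule for DNS is added.
  egress:
  - to:
    - podSelector:
        matchLabels:
          environment: production
```

The policy is only enforced when the cluster's network plugin supports NetworkPolicy. Any other pod labelled `environment: production` in the namespace is also selected and allowed, so a label shared only by A and B is needed if the intent is to isolate exactly those two.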