Question
Create a NetworkPolicy in the prod namespace which will allow traffic from ALL pods labelled as tier=frontend running in ALL namespaces.
Answer
This is a tricky question: you have to select pods with the label tier=frontend from ALL namespaces.
So, you have to add the podSelector configuration alongside the namespaceSelector block, in the same item of the from list.
If you specify podSelector as a separate block, then pods with the specific label will be selected only from the default namespace.
Generate netpol:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-ns
  namespace: prod
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector: {}
      podSelector:
        matchLabels:
          tier: frontend
Apply and test:
kubectl apply -f np.yaml
kubectl -n prod describe netpol allow-all-ns
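The effect of where podSelector sits can be checked offline with a small model of how the from list is evaluated. This is an added example, not part of the original answer: the pods and namespaces are constructed sample data, the function names are hypothetical, and the model assumes the documented Kubernetes rules (selectors inside one from item are ANDed, separate items are ORed, and a podSelector with no namespaceSelector applies to the policy's own namespace).

```python
# Added illustration: simplified model of NetworkPolicy "from" peer evaluation.
# Only matchLabels is modelled; all pods and namespaces are constructed samples.

def selector_matches(selector, labels):
    """An empty selector ({}) matches everything; every matchLabels pair must match."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())

def peer_allows(peer, pod, policy_ns, ns_labels):
    """Selectors inside ONE item of the from list are ANDed together."""
    if "namespaceSelector" in peer:
        if not selector_matches(peer["namespaceSelector"], ns_labels[pod["ns"]]):
            return False
    elif pod["ns"] != policy_ns:
        # No namespaceSelector: the peer is scoped to the policy's own namespace.
        return False
    if "podSelector" in peer:
        return selector_matches(peer["podSelector"], pod["labels"])
    return True

def ingress_allowed(from_peers, pod, policy_ns, ns_labels):
    """Separate items of the from list are ORed."""
    return any(peer_allows(p, pod, policy_ns, ns_labels) for p in from_peers)

FRONTEND = {"matchLabels": {"tier": "frontend"}}
# Form used in the answer: one list item holding both selectors.
COMBINED = [{"namespaceSelector": {}, "podSelector": FRONTEND}]
# Same fields with an extra dash before podSelector: two independent items.
SPLIT = [{"namespaceSelector": {}}, {"podSelector": FRONTEND}]

NS_LABELS = {"prod": {}, "dev": {}, "default": {}}  # constructed namespaces
PODS = [  # constructed source pods
    {"name": "web-dev", "ns": "dev", "labels": {"tier": "frontend"}},
    {"name": "db-dev", "ns": "dev", "labels": {"tier": "backend"}},
    {"name": "web-prod", "ns": "prod", "labels": {"tier": "frontend"}},
    {"name": "batch-default", "ns": "default", "labels": {"tier": "backend"}},
]

def allowed_sources(from_peers, policy_ns="prod"):
    """Names of sample pods whose traffic the given from list would admit."""
    return sorted(p["name"] for p in PODS
                  if ingress_allowed(from_peers, p, policy_ns, NS_LABELS))

if __name__ == "__main__":
    print("combined:", allowed_sources(COMBINED))
    print("split:   ", allowed_sources(SPLIT))
```

With the split form, the namespaceSelector: {} item on its own admits every pod in every namespace, so the tier=frontend restriction no longer has any effect.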