Kubernetes CKA sample exam question 121 with answer
Question
Create a NetworkPolicy called allow-port which allows access ONLY to port 8080.
Note:
- Pods CANNOT communicate on any port other than 8080
- Pods running in ALL other namespaces can also access port 8080
Answer
The task is to allow traffic from all pods running in ALL namespaces on port 8080.
Other pods running in the default namespace can only access port 8080.
The trick here is that you should NOT allow access from ALL resources.
Remember, access can be allowed using Pod Selector, Namespace Selector and IP CIDR blocks:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-port
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - port: 8080
      protocol: TCP
    from:
    - podSelector: {}
    - namespaceSelector: {}
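To check the reasoning behind the answer, the following added example (not part of the original answer) is a simplified Python model of how this policy's ingress rule is evaluated: which sources reach port 8080, and why listing selectors under `from` differs from omitting `from`. The endpoint names (WEB, SAME_NS, OTHER_NS, EXTERNAL), the NO_FROM variant and the helper functions are assumptions made for illustration.

```python
# Simplified model of NetworkPolicy ingress evaluation (added example).
# Covers podSelector / namespaceSelector peers and numeric ports only;
# ipBlock, matchExpressions, named ports and port ranges are left out.
POLICY = {  # the policy from the answer, as a Python dict
    "namespace": "default",
    "podSelector": {},
    "ingress": [{
        "ports": [{"port": 8080, "protocol": "TCP"}],
        "from": [{"podSelector": {}}, {"namespaceSelector": {}}],
    }],
}
# Hypothetical variant with no "from": any source, cluster-external included
NO_FROM = {**POLICY, "ingress": [{"ports": POLICY["ingress"][0]["ports"]}]}

# Constructed sample endpoints
WEB = {"ns": "default", "labels": {"app": "web"}, "ns_labels": {}}
SAME_NS = {"ns": "default", "labels": {}, "ns_labels": {}}
OTHER_NS = {"ns": "dev", "labels": {}, "ns_labels": {"team": "dev"}}
EXTERNAL = {"external": True}  # a client that is not a pod

def selects(selector, labels):
    """An empty selector ({}) matches every label set."""
    want = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in want.items())

def peer_matches(peer, src, policy_ns):
    if src.get("external"):          # selectors only ever match pods
        return False
    if "namespaceSelector" in peer:
        if not selects(peer["namespaceSelector"], src["ns_labels"]):
            return False
    elif src["ns"] != policy_ns:     # podSelector alone: policy namespace only
        return False
    return selects(peer.get("podSelector", {}), src["labels"])

def ingress_allowed(policy, src, dst, port, protocol="TCP"):
    if dst["ns"] != policy["namespace"] or not selects(policy["podSelector"], dst["labels"]):
        return True                  # pod not selected: not isolated by this policy
    for rule in policy["ingress"]:
        ports, peers = rule.get("ports"), rule.get("from")
        port_ok = not ports or any(p["port"] == port and p.get("protocol", "TCP") == protocol for p in ports)
        peer_ok = not peers or any(peer_matches(p, src, policy["namespace"]) for p in peers)
        if port_ok and peer_ok:      # ports AND from within a rule; rules are ORed
            return True
    return False
```

The two `from` entries are separate list items, so they are ORed; writing both selectors in a single item would AND them instead.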