Network Policies for a Namespace

It took me a couple of days of testing to realize my mistake with a network policy that I had.

What I wanted was to allow communication to a pod on a certain port for other pods in the same namespace. If the communication was coming from outside the namespace, I was opening another port to allow it.

The challenge I faced, which took me a while to fix, was not so much with the network policy as with the fact that the namespace specification did not include a proper label. The network policy can only match on a label at this time, and I was trying to get it to match on the name of the namespace.

The solution was to add a label to the namespace and then match with it.

I also learned to use “kubectl describe netpol/nameofit” a lot to properly understand what k8s was understanding from the yaml I was submitting. I made typos that did not prevent the network policy from being accepted, but an extra dash on a line makes a whole world of difference.
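
To make the label fix and the dash pitfall concrete, here is an added example (not the manifests from my cluster). The namespace names, the team label, the app label and both ports are assumptions chosen for illustration, and the dash case shown is one well-known instance rather than necessarily the typo I made.

```yaml
# Constructed example: all names, labels and ports below are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: frontend
  labels:
    team: frontend   # namespaceSelector matches this label, not metadata.name
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-ingress
  namespace: backend
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    # Rule 1: any pod in the policy's own namespace may reach port 8080.
    - from:
        - podSelector: {}
      ports:
        - protocol: TCP
          port: 8080
    # Rule 2: pods in namespaces labelled team=frontend may reach port 8443.
    - from:
        - namespaceSelector:
            matchLabels:
              team: frontend
      ports:
        - protocol: TCP
          port: 8443
# One dash changes the meaning of a `from` entry:
#   - namespaceSelector: {...}
#     podSelector: {...}     -> one peer, both selectors must match (AND)
#   - namespaceSelector: {...}
#   - podSelector: {...}     -> two peers, either may match (OR); the bare
#                               podSelector admits pods in the policy's namespace
# Both forms are accepted by the API server, so check the parsed result with:
#   kubectl describe netpol/api-ingress -n backend
```

Recent Kubernetes versions also set a kubernetes.io/metadata.name label on every namespace automatically, so a namespaceSelector can match on that label when no custom label has been added.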

There are great examples of network policies with these recipes.