Welcome to the Linux Foundation Forum!

Exercise 6.5: Testing the Policy- Does the yaml file snippet actually answer the task required?

samude
samude Posts: 17
edited September 22 in LFD259 Class Forum

COPYRIGHTED CONTENT REMOVED

Sharing copyrighted training content violates the copyright rules of The Linux Foundation.

Please review the "Copyright and Usage Information" page included in the "Course Introduction" chapter.


I thought that specifying this field podSelector: {} would select all pods in that namespace and not only the nginx container as required by the task.

Could that be a typo or are we expected to infer that there is only one nginx container in that namespace?

Best Answer

  • chrispokorni
    chrispokorni Posts: 2,301
    Answer ✓

    Hi @samude,

    Since the exercise only tests the policy's effect on the nginx container, it is not necessary to declare a podSelector. However, if a complex multi-tier application were the use case, then multiple policies with distinct podSelectors would be required.

    Regards,
    -Chris

Answers

  • chrispokorni
    chrispokorni Posts: 2,301

    Hi @samude,

    Please be aware that sharing copyrighted training content in a public forum violates the copyright rules of The Linux Foundation.

    The copyrighted content shared in your post has been removed. Rephrase your question to minimize exposure of actual training content in the public forum.

    Regards,
    -Chris

  • samude
    samude Posts: 17
    edited September 22

    Hi @chrispokorni, first of all apologies for unintentionally sharing training content and thanks for calling my attention to that.

    My question is regarding task 7 of exercise 6.5. I thought that specifying this field podSelector: {} would select all pods in that namespace and not only the nginx container as required by the task.

    Could that be a typo or should one be expected to assume that there is only one nginx container in that namespace?

    Regards.

  • chrispokorni
    chrispokorni Posts: 2,301

    Hi @samude,

    An empty podSelector: {} applies the NetworkPolicy rules to all the Pods in the Namespace, regardless of application (webserver, database, backend, etc...).
    You can read more about the NetworkPolicy resource in the official Kubernetes documentation:
    https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource

    Regards,
    -Chris

  • samude
    samude Posts: 17

    Hi @chrispokorni, i understand this part clearly: An empty podSelector: {} applies the NetworkPolicy rules to all the Pods in the Namespace, regardless of application (webserver, database, backend, etc...). For that reason i would like to know if that yaml example would correctly select only the nginx container as intended by the task or is there a typo in the yaml as both of us has agreed that an empty podSelector: {} applies the NetworkPolicy rules to all the Pods in the Namespace and not just to the nginx container?

    Thanks and regards.

  • chrispokorni
    chrispokorni Posts: 2,301

    Hi @samude,

    An empty podSelector: {} applies the NetworkPolicy rules to all the Pods in the Namespace, regardless of application (webserver, database, backend, etc...).

    To clarify, this means that the NetworkPolicy does not select any specific application Pod from the Namespace, instead, it applies the rules to all the Pods deployed in the Namespace.

    Regards,
    -Chris

  • samude
    samude Posts: 17
    edited September 22

    Hi @chrispokorni, from the task point of view that clearly instructs to target ONLY the nginx container, shouldn't podSelector: {} be corrected by adding a matchLabels with the pod label of the nginx container pod instead in order to select/target ONLY the nginx container pod as intended by the task?

    Thanks and regards.

  • samude
    samude Posts: 17

    Hi @chrispokorni , thanks for the clarification, I would think that it’s necessary to update the task with this clarification of yours. Otherwise that will leave candidates confused especially from the exam point of view.

    Thanks and regards.

Categories

Upcoming Training