Exercise 6.5: Testing the Policy- Does the yaml file snippet actually answer the task required?

samude

COPYRIGHTED CONTENT REMOVED

Sharing copyrighted training content violates the copyright rules of The Linux Foundation.

Please review the "Copyright and Usage Information" page included in the "Course Introduction" chapter.

---

I thought that specifying this field podSelector: {} would select all pods in that namespace and not only the nginx container as required by the task.

Could that be a typo or are we expected to infer that there is only one nginx container in that namespace?

chrispokorni

Hi @samude,

Since the exercise only tests the policy's effect on the nginx container, it is not necessary to declare a podSelector. However, if a complex multi-tier application were the use case, then multiple policies with distinct podSelectors would be required.

Regards,
-Chris

chrispokorni

Hi @samude,

Please be aware that sharing copyrighted training content in a public forum violates the copyright rules of The Linux Foundation.

The copyrighted content shared in your post has been removed. Rephrase your question to minimize exposure of actual training content in the public forum.

Regards,
-Chris

samude

Hi @chrispokorni, first of all apologies for unintentionally sharing training content and thanks for calling my attention to that.

My question is regarding task 7 of exercise 6.5. I thought that specifying this field podSelector: {} would select all pods in that namespace and not only the nginx container as required by the task.

Could that be a typo or should one be expected to assume that there is only one nginx container in that namespace?

Regards.

chrispokorni

Hi @samude,

An empty podSelector: {} applies the NetworkPolicy rules to all the Pods in the Namespace, regardless of application (webserver, database, backend, etc...).
You can read more about the NetworkPolicy resource in the official Kubernetes documentation:
https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource

Regards,
-Chris

samude

Hi @chrispokorni, i understand this part clearly: An empty podSelector: {} applies the NetworkPolicy rules to all the Pods in the Namespace, regardless of application (webserver, database, backend, etc...). For that reason i would like to know if that yaml example would correctly select only the nginx container as intended by the task or is there a typo in the yaml as both of us has agreed that an empty podSelector: {} applies the NetworkPolicy rules to all the Pods in the Namespace and not just to the nginx container?

Thanks and regards.

chrispokorni

Hi @samude,

An empty podSelector: {} applies the NetworkPolicy rules to all the Pods in the Namespace, regardless of application (webserver, database, backend, etc...).

To clarify, this means that the NetworkPolicy does not select any specific application Pod from the Namespace, instead, it applies the rules to all the Pods deployed in the Namespace.

Regards,
-Chris

samude

Hi @chrispokorni, from the task point of view that clearly instructs to target ONLY the nginx container, shouldn't podSelector: {} be corrected by adding a matchLabels with the pod label of the nginx container pod instead in order to select/target ONLY the nginx container pod as intended by the task?

Thanks and regards.

samude

Hi @chrispokorni , thanks for the clarification, I would think that it’s necessary to update the task with this clarification of yours. Otherwise that will leave candidates confused especially from the exam point of view.

Thanks and regards.