-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
DO280 - OCP4.14-en-2-20240725
-
None
-
False
-
-
False
-
4
-
-
-
en-US (English)
Please fill in the following information:
| URL: | https://rol.redhat.com/rol/app/courses/do280-4.14/pages/ch04s03 |
| Reporter RHNID: | chetan-rhls |
| Section Title: | network-policy |
Issue description: Learner's query :
Do you agree the screenshot above says its should allow access from the runboulder namespace to my pods on the namespace home ?
and that works
and then the next bit as I understand it says that any pod tagged with app:amica should also be allowed access to the pods in the home namespace no matter what namespace those pods are in .
but the issue as I see from the console, not the yaml, is that they want pods labeled app-amica from the the home namespace
but the doc says any pods with the app=amica from any namespace
Why is it adding namespace home for the from ?
I read that as it needs the app=amica and from the namespace home
i.e. not any * namespace. how do I make the second rule the one with the podselector: app=amica allow access from any namespace ?
Checked with Maria ordonez on this in the chat:
This statement "...and then the next bit as I understand it says that any pod tagged with app:amica should also be allowed access to the pods in the home namespace no matter what namespace those pods are in" is not correct. The current configuration I see in the first screenshot only enables traffic from pod whose label is app=amica in namespaces with the runboulder label.
If the leaner wants to enable traffic from pods whose label is app=amica from any namespace, then the ingress configuration should be like this:
ingress: - from: - namespaceSelector: {} podSelector: matchLabels: app: amica
But this is not what the Red Hat course book says.{}
and she suggested to raise a Jira for this
Steps to reproduce:
Workaround:
Expected result:
