Complete the code to allow incoming HTTP traffic on port 80 in a Kubernetes NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-http
spec:
  podSelector: {}
  ingress:
  - ports:
    - protocol: TCP
      port: [1]
Port 80 is the standard port for HTTP traffic, so it must be specified to allow HTTP ingress.
Complete the code to allow egress traffic to TCP port 53 for DNS resolution.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
spec:
  podSelector: {}
  egress:
  - ports:
    - protocol: TCP
      port: [1]
Port 53 is used for DNS queries, so allowing egress on TCP port 53 enables DNS resolution.
Fix the error in the NetworkPolicy to correctly specify ingress from pods with label app=frontend.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-ingress
spec:
  podSelector: {}
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: [1]
The label 'app: frontend' matches pods with the frontend role, allowing ingress from them.
Fill both blanks to allow egress traffic only to pods with label role=database on TCP port 5432.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-db-egress
spec:
  podSelector: {}
  egress:
  - to:
    - podSelector:
        matchLabels:
          role: [1]
    ports:
    - protocol: TCP
      port: [2]
Pods with label 'role: database' are targeted, and port 5432 is the default port for PostgreSQL database connections.
Fill all three blanks to create an ingress rule allowing TCP traffic on port 443 only from pods with label tier=frontend in namespace 'web'.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-https-from-frontend
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: [1]
      podSelector:
        matchLabels:
          tier: [2]
    ports:
    - protocol: TCP
      port: [3]
The namespace label 'web' restricts source namespaces, 'tier: frontend' restricts pods, and port 443 is for HTTPS traffic.