K
Q

kubernetes networkpolicy namespaceSelector select when namespace has no labels

6/12/2019

I am trying to add a calico network policy to allow my namespace to talk to kube-system namespace. But in my k8s cluster kube-system has no labels attached to it, so I am not able to select pods in there. Below is what I tried but its not working.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-kube-system
  namespace: advanced-policy-demo
spec:
  podSelector: {}       # select all pods in current namespace.
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels: {}
      podSelector:
        matchLabels:
          tier: control-plane
  egress:
  - to:
    - namespaceSelector:
        matchLabels: {}
      podSelector:
        matchLabels:
          tier: control-plane
$ kubectl describe ns kube-system
Name:         kube-system
Labels:       <none>
Annotations:  <none>
Status:       Active

No resource quota.

No resource limits.

I there a way by which I can select a namespace by its name only?

-- Hemant_Negi
calico
kubernetes
kubernetes-networkpolicy
project-calico

Similar Questions

Jenkins on Kubernetes node is complaining its plug-ins need newer version of Jenkins, but don't want to lose data
Somehow my deployment was gone, is there any place which tracked the ‘gone/delete’ operation?
ASP.net Core OData serving HTTPS in Kubernetes with a certificate provided by an Ingress
How to run once an openshift job with configmap
Kubernetes - two pods (2/4) receiving same request

1 Answer

7/1/2019

What prevents you from creating a new labels for this namespace ?, like this:

kubectl label ns/kube-system calico=enabled
-- Nepomucen
Source: StackOverflow