Update 07-allow-traffic-from-some-pods-in-another-namespace.md

ahmetb · Mar 23, 2022 · 8b6334e · 8b6334e
1 parent 8385bb1
commit 8b6334e
Showing 1 changed file with 27 additions and 1 deletion.
diff --git a/07-allow-traffic-from-some-pods-in-another-namespace.md b/07-allow-traffic-from-some-pods-in-another-namespace.md
@@ -77,7 +77,8 @@ If you don't see a command prompt, try pressing enter.
 / # wget -qO- --timeout=2 http://web.default
 wget: download timed out
 
-(traffic blocked)
+(traffic blocked) 
+Note: see remark below how to use OR in the network policy , so this example will work as well 
 ```
 
 Query this web server from `other` namespace, labelling the application `type=monitoring`, observe it is **allowed**:
@@ -93,6 +94,31 @@ If you don't see a command prompt, try pressing enter.
 (traffic allowed)
 ```
 
+## remarks
+Please note that that example below is OR condition 
+```
+ ingress:
+    - from:
+      - namespaceSelector:     # chooses all pods in namespaces labelled with team=opera
+          matchLabels:
+            team: operations
+      - podSelector:           # chooses pods with type=monitoring
+          matchLabels:
+            type: monitoring
+```            
+
+while this example is AND condition 
+```
+ ingress:
+    - from:
+      - namespaceSelector:     # chooses all pods in namespaces labelled with team=opera
+          matchLabels:
+            team: operations
+        podSelector:           # chooses pods with type=monitoring
+          matchLabels:
+            type: monitoring
+```  
+
 ## Cleanup
 
     kubectl delete networkpolicy web-allow-all-ns-monitoring