The solution seems to be missing the mark from a real-world scenario perspective. The backend pods would need to be protected from external access. Thus, instead of defining a netpol in the external namespace, it should instead be defined on the internal namespace, allowing access only from the frontend pods in the external namespace to the internal backend pods.
Essentially flipping egress/to --> ingress/from and associated labels and so forth.
IMO.
EDIT: Looking at sample exercise #2, troubleshooting. Essentially doing that. Which brings me back to a real-world case study AND from a learning perspective, trying to wrap my head around netpols, the egress "solution" was only confusing. Like in, "what's the point of this policy if the backend pods can be reached from all namespaces?"
Thanks.
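The ingress-side policy the comment above describes, as an added example that is not part of the original post or of the exercise's solution. The namespace names `internal` and `external`, the pod labels `app: backend` and `app: frontend`, and the policy name are assumptions.

```yaml
# Added example: names and labels below are assumed, not taken from the exercise.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-allow-frontend-only   # hypothetical name
  namespace: internal                 # policy lives with the pods it protects
spec:
  # Selects the backend pods. Once a pod is selected by a policy with
  # policyType Ingress, all ingress not explicitly allowed here is dropped.
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        # A single list item carrying BOTH selectors is a logical AND:
        # only frontend pods that are in the external namespace match.
        # Writing podSelector as its own "- " item would make it an OR
        # (any pod in external, plus frontend-labelled pods in internal).
        - namespaceSelector:
            matchLabels:
              # Label set automatically on every namespace by Kubernetes.
              kubernetes.io/metadata.name: external
          podSelector:
            matchLabels:
              app: frontend
      # No "ports" key: all ports are allowed from the matched peers.
      # Add a ports list to narrow this to the backend's service port.
```

The policy only takes effect if the cluster's network plugin enforces NetworkPolicy; on a plugin that does not, the object is accepted but traffic is not filtered.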