Corrected namespaceSelector for network policy

Corrected namespaceSelector for intra-namespace network policy example. The label "name" does not exist on the namespace resource kube-system, but the label "kubernetes.io/metadata.name" does. Signed-off-by: Lars Wefald <larwef@gmail.com>
k3s-io · Oct 30, 2024 · d91254b · d91254b
1 parent d4d8938
commit d91254b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/security/hardening-guide.md b/docs/security/hardening-guide.md
@@ -380,7 +380,7 @@ spec:
     - from:
       - namespaceSelector:
           matchLabels:
-            name: kube-system
+            kubernetes.io/metadata.name: kube-system
 ```
 
 With the applied restrictions, DNS will be blocked unless purposely allowed. Below is a network policy that will allow for traffic to exist for DNS.