From c9a4fce196c8c3823edb5845938500c8529a46f9 Mon Sep 17 00:00:00 2001 From: Lars Wefald Date: Fri, 11 Oct 2024 12:55:33 +0200 Subject: [PATCH] Corrected namespaceSelector for network policy Corrected namespaceSelector for intra-namespace network policy example. The label "name" does not exist on the namespace resource kube-system, but the label "kubernetes.io/metadata.name" does. Signed-off-by: Lars Wefald --- docs/security/hardening-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security/hardening-guide.md b/docs/security/hardening-guide.md index 53ed3acc1..2570dd3f4 100644 --- a/docs/security/hardening-guide.md +++ b/docs/security/hardening-guide.md @@ -380,7 +380,7 @@ spec: - from: - namespaceSelector: matchLabels: - name: kube-system + kubernetes.io/metadata.name: kube-system ``` With the applied restrictions, DNS will be blocked unless purposely allowed. Below is a network policy that will allow for traffic to exist for DNS.
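Review bot: The new selector line in the hunk at @@ -380 (`kubernetes.io/metadata.name: kube-system`) is correct, but the guide text around it still gives the reader no reason to trust this label over a custom one. Consider adding a sentence next to the example stating that the API server sets `kubernetes.io/metadata.name` on every namespace automatically (on by default since Kubernetes 1.21) and keeps it equal to the namespace name, so no manual labelling is required. By contrast, a `name` label matches nothing unless someone has added it, and the `from` rule then admits no traffic from kube-system without any error. The trailing context line introduces a DNS policy, and this diff changes only one line, so it is worth checking whether that following example also selects kube-system through a `name` label and needs the same correction.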