# Create Guard to Allow Ingress

Create Guard to Allow Ingress is used to create a CloudekaGuard will allow incoming traffic to pods with a certain label from pods with other labels that are in a different namespace. Using this syntax, you can control inbound access from permitted clients. You can first run the following syntax to create a YAML file with the name allow-ingress.

```bash
nano allow-ingress.yaml
```

Copy and paste the following YAML contents.

```yaml
apiVersion: tenants.cloudeka.ai/v1alpha2
kind: CloudekaGuard
metadata:
  name: allow-ingress
  namespace: ns1
spec:
  endpointSelector:
    matchLabels:
      app: web-app
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: client-ns2
```

After pasting the syntax, save the file by pressing Ctrl + O, then press the Enter key and exit the editor by pressing Ctrl + X. The next step is to apply Cloudeka Guard.

```bash
kubectl apply -f allow-ingress.yaml
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudeka.ai/deka-gpu/deka-gpu-security/deka-guard/create-guard-to-allow-ingress.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.