ExamTopics Logo
Mail Us[email protected]
Menu
Cncf Discussions
exam questions

Exam CKA All Questions

View all questions & answers for the CKA exam
Go to Exam

Exam CKA topic 1 question 19 discussion

Actual exam question from CNCF's CKA
Question #: 19
Topic #: 1
[All CKA Questions]

SIMULATION
-






Task
-

Create a new NetworkPolicy named allow-port-from-namespace in the existing namespace echo.

Ensure that the new NetworkPolicy allows Pods in namespace internal to connect to port 9200/tcp of Pods in namespace echo.

Further ensure that the new NetworkPolicy:

• does not allow access to Pods, which don't listen on port 9200/tcp
• does not allow access from Pods, which are not in namespace internal

Show Suggested Answer Hide Answer
Suggested Answer:
by abu7midan at Nov. 17, 2023, 1:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
fungchan012
11 months ago
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-port-from-namespace namespace: echo spec: podSelector: {} policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: name: internal ports: - protocol: TCP port: 9200
upvoted 1 times
...
fc146fc
11 months, 1 week ago
kubectl create ns echo ( if this is not created) kubectl create ns internal kubectl label ns internal namespace=internal apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-port-from-namespace namespace: echo spec: podSelector: {} policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: namespace: internal ports: - protocol: TCP port: 9200
upvoted 3 times
...
skywalker
1 year, 1 month ago
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-port-from-namespace namespace: echo spec: policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: name: internal ## Ensure "name=internal" exists when "k get ns --show-labels" ports: - protocol: TCP port: 9200
upvoted 3 times
GCPCloudArchitectUser
11 months, 1 week ago
you are nissing pod-selector here , please find the answer below from abu7mldan
upvoted 1 times
...
...
abu7midan
1 year, 1 month ago
k create ns echo k label ns echo part=echo k apply -f np.yaml apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-port-from-namespace namespace: echo spec: policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: project: myproject - podSelector: matchLabels: part: echo ports: - protocol: TCP port: 9200
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel