CKAD Mock Exam 2, Q 12 netpol

Please use the namespace nginx-deployment for the following scenario.
Create a deployment with name nginx-ckad11 using nginx image with 1 replica. Also expose the deployment via a ClusterIP service, i.e. nginx-ckad11-service, on port 80. Use the label app=nginx-ckad for both resources.

Now, create a NetworkPolicy, i.e. ckad-allow, so that only pods with label criteria: allow can access the deployment, and apply it.

The grader reports a fail for "Does policy allows traffic from pod with label criteria=allow?" even when the suggested solution is applied.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ckad11
  namespace: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-ckad
  template:
    metadata:
      labels:
        app: nginx-ckad
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-ckad11-service
  namespace: nginx-deployment
spec:
  selector:
    app: nginx-ckad
  ports:
    - name: http
      port: 80
      targetPort: 80
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ckad-allow
  namespace: nginx-deployment
spec:
  podSelector:
    matchLabels:
      app: nginx-ckad
  ingress:
    - from:
        - podSelector:
            matchLabels:
              criteria: allow
      ports:
        - protocol: TCP
          port: 80

Hi M-Skacel,

Thanks for your feedback, the issue is valid, I’ve forwarded it to the team.

I will send you an update once I receive any feedback.
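
To check what the ckad-allow policy from the question permits, independent of the grader, here is an added example (not part of the thread and not the exam's own code) that evaluates the policy's ingress rule against source pods. The pod dictionaries are constructed sample data, and the evaluator assumes ckad-allow is the only NetworkPolicy in the namespace.

```python
# Added example: minimal evaluator for the ingress rule of the ckad-allow policy.
# Handles only matchLabels selectors and port lists (no matchExpressions, ipBlock,
# namespaceSelector or endPort), which is all the policy on this page uses.

POLICY = {  # the ckad-allow spec from the question, as a dict
    "namespace": "nginx-deployment",
    "podSelector": {"app": "nginx-ckad"},
    "ingress": [{
        "from": [{"podSelector": {"criteria": "allow"}}],
        "ports": [{"protocol": "TCP", "port": 80}],
    }],
}

# Constructed sample pods (names and extra labels are assumptions).
NGINX = {"namespace": "nginx-deployment", "labels": {"app": "nginx-ckad"}}
ALLOWED = {"namespace": "nginx-deployment", "labels": {"criteria": "allow"}}
UNLABELLED = {"namespace": "nginx-deployment", "labels": {"run": "test"}}
OTHER_NS = {"namespace": "default", "labels": {"criteria": "allow"}}


def matches(selector, labels):
    """matchLabels semantics: every selector key/value must be on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())


def ingress_allowed(policy, src, dst, port, protocol="TCP"):
    """True if src may connect to dst on port, with this as the only policy."""
    # A policy isolates only pods in its own namespace that podSelector selects.
    if dst["namespace"] != policy["namespace"] or not matches(
            policy["podSelector"], dst["labels"]):
        return True
    for rule in policy["ingress"]:
        port_ok = any(p["port"] == port and p.get("protocol", "TCP") == protocol
                      for p in rule["ports"])
        # A bare podSelector under `from` matches pods in the policy's namespace only.
        peer_ok = any(src["namespace"] == policy["namespace"]
                      and matches(peer["podSelector"], src["labels"])
                      for peer in rule["from"])
        if port_ok and peer_ok:
            return True
    return False  # selected pod and no rule matched: ingress is denied


if __name__ == "__main__":
    for name, pod in [("allowed", ALLOWED), ("unlabelled", UNLABELLED),
                      ("other-ns", OTHER_NS)]:
        print(name, ingress_allowed(POLICY, pod, NGINX, 80))
```

A client pod labelled criteria=allow in a different namespace is denied, because the `from` entry has no namespaceSelector.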