CKS Mock Exam 2 - Question 2

francesco11 · August 2, 2024, 6:07pm

The yaml proposed as solution is:

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-app1-app2
  namespace: apps-xyz
spec:
  podSelector:
    matchLabels:
      tier: backend
      role: db
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: app1
          tier: frontend
    - podSelector:
        matchLabels:
          name: app2
          tier: frontend

Whereas I used:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-app1-app2
  namespace: apps-xyz
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
       matchExpressions:
        - key: name
          operator: In
          values: ["app1", "app2"]

Shouldn’t that still be accepted?

rob_kodekloud · August 2, 2024, 7:48pm

It would do the same thing, but the grader makes choices; sometimes there are possible solutions, like yours, that the grader does not take into account.

Alistair_KodeKloud · August 3, 2024, 7:33am

I don’t recall the exact question, but if it said something like “use all the labels”, then your solution is not doing that.

francesco11 · August 3, 2024, 8:34am

@Alistair_KodeKloud I think you are right, but if I had used tier: frontend would it have worked? I’ll give it a go again and let you guys know. Thanks for now