Doubt on CKA mok exam 3 Network rules

Ranza · August 2, 2025, 12:10pm

Hello,
my network rule is checked as wrong due “NetworkPolicy: Is it not applied to all sources (Incoming traffic from all pods)”

My yaml is the follow. At the end the proposed correct one. Why the mine is wrong?

My yaml:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-nptest
  namespace: default
spec:
  ingress:
  - from:
    - podSelector: {}
    ports:
    - port: 80
      protocol: TCP
  podSelector:
    matchLabels:
      run: np-test-1
  policyTypes:
  - Ingress

right yaml:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-nptest
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: np-test-1
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - protocol: TCP
      port: 80

rob_kodekloud · August 2, 2025, 8:36pm

My sense is that the podSelector line is unnecessary; specifying the port is probably enough. But a quick question to you:

What’s the question number in that exam?
Is this the regular mock exam or the Ultimate CKA mock exam?

raymond.baoly · August 4, 2025, 10:37am

Hi @Ranza

Your YAML is wrong because:

from:
  - podSelector: {}

allows traffic only from pods in the same namespace.

The correct YAML:

ingress:
- ports:
  - port: 80
    protocol: TCP

omits from:, which means allow traffic from all pods in all namespaces, which is what the check requires.