Getting problem on CKA mock-3 one question solution, please help

zhdhasn · July 30, 2024, 3:42am

One of the nginx based pod called cyan-pod-cka28-trb is running under cyan-ns-cka28-trb namespace and it is exposed within the cluster using cyan-svc-cka28-trb service.

This is a restricted pod so a network policy called cyan-np-cka28-trb has been created in the same namespace to apply some restrictions on this pod.

Two other pods called cyan-white-cka28-trb and cyan-black-cka28-trb are also running in the default namespace.

The nginx based app running on the cyan-pod-cka28-trb pod is exposed internally on the default nginx port (80).

Expectation: This app should only be accessible from the cyan-white-cka28-trb pod.

Problem: This app is not accessible from anywhere.

Troubleshoot this issue and fix the connectivity as per the requirement listed above.

Note: You can exec into cyan-white-cka28-trb and cyan-black-cka28-trb pods and test connectivity using the curl utility.

You may update the network policy, but make sure it is not deleted from the cyan-ns-cka28-trb namespace.

rob_kodekloud · July 30, 2024, 3:54am

You’ve stated the problem from the mock exam, but you’re not telling us what you’ve tried. What have you tried, and what are you having difficulty with?

zhdhasn · July 30, 2024, 4:42am

I have solve the issue as per KK solution, but not getting excepted result.
in pod yaml, change port.

ports:
- port: 80
  protocol: TCP
  to:
- ipBlock:
  cidr: 0.0.0.0/0

also changed,

ingress:

from:
- namespaceSelector:
  matchLabels:
  kubernetes.io/metadata.name: default
  podSelector:
  matchLabels:
  app: cyan-white-cka28-trb

from this pod can be access from only “cyan-white-cka28-trb”
but the problem is pod can be access also from “cyan-black-cka28-trb”

rob_kodekloud · July 30, 2024, 10:23pm

I can’t be completely sure what you’re trying, since your code has been corrupted when it was pasted into your post. Please use a code block

   like this, by using the </> key:
   - it preserves indentation
   - it preserves special characters and quote marks.

My best guess is that your first block is simply wrong; you can’t put an ipBlock section under ports. Looking at the solutions section in the End Exam page, it probably needs to be

  egress:
  - ports:
    - port: 80
      protocol: TCP
    ipBlock:
      cidr: 0.0.0.0/0

Indentation is crucial here; again, use a code block.

For the ingress section:

ingress:
- from:
  - namespaceSelector:
       matchLabels:
          kubernetes.io/metadata.name: default
     podSelector:
        matchLabels:
          app: cyan-white-cka28-trb

“podSelctor” and “namespaceSelector” need to be at the same indentation.