Learn-By-Doing Kubernetes Network Policies: Final Challenge

This is related to the Final Challenge of the Learn-By-Doing Kubernetes Network Policies where the task indicates that Policy darkarts-magic only allows egress traffic to port 53 (both TCP and UDP) to IPs in CIDR range of 10.0.0.0/24 is wrong.

Please find the following screenshots showing my configuration:

The yaml file for the darkarts-magic Network Policy

The outcome of hitting the Check-button:

The yaml in the Solution-tab:

Please note that the policyTypes was left out from the yaml in the Solution-tab so I removed it from my yaml but that didn’t make any difference.

Looking forward to hearing from you.
Thanks,
Liz (ewiklund)

Hi @ewiklund

Thanks for reporting this.
There seems to be some issue with this lab and its grader. I’ll notify the lab team to look into this.

regards.

Thank you Santosh for your help.

Hi Santosh. Do you have an update from the lab team please?
Thanks,
ewiklund

Could someone please get back to me with an update from the lab team?
FYI @Mumshad Mannambeth
Thanks,
ewiklund

Hi @ewiklund

Apologies for the delay. I have escalated the ticket to high priority, and please rest assured that we are working to resolve the issue at the earliest possible time.

Thank you for your continued support and understanding.

Regards.

Thank you Santosh for keeping me up to date.

Hi @ewiklund ,

Can you please check again? I don’t see any issues from my end.

Regards,

Also, please describe the network policies created in the darkarts namespace and share them here.

Thank you Tej-Singh-Rana for your update. Let me do the lab again; I will get back to you within a couple of days.
Thanks for your help.
Regards,
ewiklund

Sure, I’ll wait for your response.

Hi Tej-Singh-Rana,
I have tested this again; unfortunately with the same outcome as before.

Please find the screenshots of the pod/netpol labels, including the output of “k describe netpol -n darkarts” as well as the error indicating that the darkarts-magic network policy doesn’t meet the requirements.

darkarts-magic netpol:

darkarts-no-access netpol:

The error message of the darkarts-magic:

labels of the pod/netpol:

k describe netpol -n darkarts:

One thing to add here unrelated to the problem is that in the Instructions-tab; Task 1: Secure the “charms” Namespace point 2 Create another network policy, charms-no-external-access but in the diagram, the network policy should be called charms-no-egress.
I think this should be corrected in the Instructions-tab to match the name in the diagram.

Thanks,
ewiklund

Thanks for checking @ewiklund , I’ll recheck and get back to you.

Regards,

Hi Tej-Singh-Rana,
Hope you are doing well.
Any news regarding this issue please?
Thanks,
ewiklund

Hi @ewiklund,

Thanks for following up on this. I’ll provide you an update by EOD. Please keep patience.

Regards,

Thank you for getting back to me. No problem.
Regards,
ewiklund

Hi @ewiklund ,

The one you shared above is absolutely correct, and the team didn’t find any issues, but to be more cautious, the team updated the validation part of that section.

To check quickly, please create the NetPols for the darkarts namespace and click the Check button.

Please let me know if you encounter any issues this time.

Regards,

Hi,
Thanks for your update.
I will try this tomorrow and will update you accordingly.
Thanks for your help.

ewiklund

Hi there,
Thanks a lot for your help. I can confirm that now it works.
Regards,
ewiklund

1 Like