Query on Kodekloud mock test #2 Q2 (CKS)

#1

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-app1-app2
namespace: apps-xyz
spec:
podSelector:
matchLabels:
tier: backend
role: db
ingress:

  • from:
    • podSelector:
      matchLabels:
      name: app1
      tier: frontend
    • podSelector:
      matchLabels:
      name: app2
      tier: frontend

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-app1-app2
namespace: apps-xyz
spec:
podSelector:
matchLabels:
role: db
tier: backend
policyTypes:

  • Ingress
    ingress:
  • from:
    • podSelector:
      matchExpressions:
      • key: name
        operator: In
        values: [ “app1”, “app2”]
      • key: tier
        operator: In
        values: [ “frontend” ]

Isn’t both the same ? Why Mock Test expeting first solution ?

#2

I’ll give these a check. I do wish you had put your code into

code blocks
   * that preserve indentation
   * that don't screw up " and ' marks like happens in your code

So I’ll have to do the code from scratch. This makes it harder to help you.

That said: it’s always best, both in the mock exams and in the actual exam, not to do anything fancy, because there are only so many paths that the automatic grader code can check. I’d guess that using matchExpressions is going to be one of those things, and you can’t be certain you won’t “out smart” the actual exam, and fail a question you could have passed when you do this.

#3

OK, I reconstruct your YAML as

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-app1-app2
  namespace: apps-xyz
spec:
  podSelector:
    matchLabels:
      role: db
      tier: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchExpressions:
        - key: name
          operator: In
          values: ["app1", "app2"] 
        - key: tier
          operator: In
          values: ["frontend"] 
    ports:
    - protocol: TCP
      port: 6379

and I did network connectivity tests; app3 fails, app1 and app2 indeed succeed. So as far as it goes it works. But I think you outsmarted the grader.

Part of the reason that the first solution was preferred, I think, is because the same resource from the docs was the basis of that solution; you have to root around to get the matchExpressions based solution you tried.

1 Like