Regarding CKS MOCK 2 Exam

shubham_sri · December 22, 2024, 8:17am

In question 2 of Mock exam 2, your solution suggest to create cilium network policy like this

apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: p1
  namespace: team-azure
spec:
  endpointSelector:
    matchLabels:
      type: messenger
  egressDeny:
  - toEndpoints:
    - matchLabels:
         type: database

But there is no label like type=database in databse-pod in team-azure in namespace.

I guess the right solutions would be

apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: "p1"
  namespace: "team-azure"
spec:
  endpointSelector:
    matchLabels:
      type: messenger
  egressDeny:
  - toEndpoints:
    - matchLabels:
         role: database

Please let me know if my understanding is correct

Alistair_KodeKloud · December 22, 2024, 12:15pm

There’s an issue with this question. I have informed lab team.

Alistair_KodeKloud · December 26, 2024, 11:59am

Hi @shubham_sri

Question has been restructured. Please try it now.

yewaleajay · December 30, 2024, 4:37pm

How to write cilium policy in exam as there is no clear document to refer. I am writing examon 1st Jan

Alistair_KodeKloud · December 30, 2024, 6:44pm

This is the page for CNP examples - that’s all that’s available to you in the exam.

Towards the end of the page are the deny examples. It only gives YAML for ingressDeny, but egressDeny works the same way.