Ultimate CKA Mock Exam - set 5- Gateway api with TLS - Incorrect solution

Question

Modify existing web-gateway to use https and use TLS from a secret named kodekloud-tls

KodeKloud Solution

spec:
  gatewayClassName: kodekloud
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      hostname: kodekloud.com
      tls:
        certificateRefs:
          - name: kodekloud-tls

My Solution (which was incorrect according to KodeKloud)

spec:
  gatewayClassName: kodekloud
  listeners:
    - name: https
      port: 443
      protocol: HTTPS
      tls:
        certificateRefs:
        - kind: Secret
          name: kodekloud-tls
        mode: Terminate

Not sure what's wrong in my solution, as per the documentation the TLS type should be Secret and then the secret name.
Reference: https://gateway-api.sigs.k8s.io/guides/tls/

listeners:
- protocol: HTTPS # Other possible value is `TLS`
  port: 443
  tls:
    mode: Terminate # If protocol is `TLS`, `Passthrough` is a possible mode
    certificateRefs:
    - kind: Secret
      group: ""
      name: default-cert

Please clarify which solution is correct.

First, please use code blocks here – directly pasting your YAML as you do here corrupts it, and makes it harder for us to test your code.

At a minimum, the KK version of the resource specifies the hostname, which you do not. Even taking defaults into account, this is a significant difference between your solution and the proposed solution.

Also, please include the question number. I just searched ME #5 and did not find your problem.

Hi @rob
I have edited my post.
Unfortunately I forgot the question number, but the point is how to configure TLS for API Gateway.

As per the KodeKloud answer it is

tls:
        certificateRefs:
          - name: kodekloud-tls

but as per the k8s documentation it should be

tls:
        certificateRefs:
        - kind: Secret
          name: kodekloud-tls

Which was actually my solution and was labelled as “Incorrect”.

I’ll still need to know the question number – I just corrected another user’s work on regular ME #2 Q10, which is very similar to this. But I need to see the exact question so I know how the grader is set up for that question.

Hi @rob_kodekloud I finally found the exact question number and exam set during my redoing exam session

Here are the details:

Solve this question on: ssh cluster3-controlplane
Modify the existing web-gateway on cka5673 namespace to handle HTTPS traffic on port 443 for kodekloud.com, using a TLS certificate stored in a secret named kodekloud-tls.

Really – the Exam number and the Question number are what I need. I can look up the actual question there, but I can’t actually run the question without that data. PLEASE INCLUDE THIS ESSENTIAL INFORMATION SO I CAN EFFICIENTLY FIND YOUR QUESTION!!!

Sorry, my bad.
Please find the exact question number:
Exam 2 question 13

I tried the question (thanks for supplying the exam and Q number), and this block worked in the grader:

spec:
  gatewayClassName: kodekloud
  listeners:
  - allowedRoutes:
      namespaces:
        from: Same
    name: https 
    port: 443 ## change
    protocol: HTTPS ## change
    ## add this block:
    hostname: kodekloud.com
    tls:
      mode: Terminate # If protocol is `TLS`, `Passthrough` is a possible mode
      certificateRefs:
      - kind: Secret
        group: ""
        name: kodekloud-tls

I think your problem was not adding the hostname item. I took the model from here.


Strange :open_mouth: that didn't work for me though
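
The three listeners posted in this thread, compared after filling in the defaulted TLS fields. This is an added example, not part of any post and not KodeKloud's grader (what the grader checks is not shown on the page). It assumes the Gateway API schema defaults `group: ""` and `kind: Secret` for `certificateRefs` entries and `mode: Terminate` for `tls`; the function names are hypothetical.

```python
# Added example (not from the thread). Assumed Gateway API schema defaults:
# certificateRefs[].group = "", certificateRefs[].kind = "Secret", tls.mode = "Terminate".

def normalize(listener):
    """Return the fields the task cares about, with defaulted TLS values filled in."""
    tls = listener.get("tls", {})
    refs = [{"group": r.get("group", ""), "kind": r.get("kind", "Secret"), "name": r["name"]}
            for r in tls.get("certificateRefs", [])]
    return {
        "protocol": listener.get("protocol"),
        "port": listener.get("port"),
        "hostname": listener.get("hostname"),  # no default: unset matches every host
        "tls.mode": tls.get("mode", "Terminate"),
        "tls.certificateRefs": refs,
    }

def diff(a, b):
    """Names of fields whose effective values differ between two listeners."""
    na, nb = normalize(a), normalize(b)
    return [k for k in na if na[k] != nb[k]]

def unmet(listener, hostname, secret):
    """Requirements of the task text that the listener does not satisfy."""
    n = normalize(listener)
    want_ref = {"group": "", "kind": "Secret", "name": secret}
    checks = {
        "protocol HTTPS": n["protocol"] == "HTTPS",
        "port 443": n["port"] == 443,
        "hostname " + hostname: n["hostname"] == hostname,
        "TLS terminated at the gateway": n["tls.mode"] == "Terminate",
        "certificate from secret " + secret: want_ref in n["tls.certificateRefs"],
    }
    return [req for req, ok in checks.items() if not ok]

# Listeners transcribed from the three posts (constructed as dicts, not parsed from YAML).
KK = {"name": "https", "protocol": "HTTPS", "port": 443, "hostname": "kodekloud.com",
      "tls": {"certificateRefs": [{"name": "kodekloud-tls"}]}}
MINE = {"name": "https", "port": 443, "protocol": "HTTPS",
        "tls": {"mode": "Terminate",
                "certificateRefs": [{"kind": "Secret", "name": "kodekloud-tls"}]}}
MOD = {"name": "https", "port": 443, "protocol": "HTTPS", "hostname": "kodekloud.com",
       "allowedRoutes": {"namespaces": {"from": "Same"}},
       "tls": {"mode": "Terminate",
               "certificateRefs": [{"kind": "Secret", "group": "", "name": "kodekloud-tls"}]}}

if __name__ == "__main__":
    print("KK vs poster:   ", diff(KK, MINE))
    print("KK vs moderator:", diff(KK, MOD))
    print("poster unmet:   ", unmet(MINE, "kodekloud.com", "kodekloud-tls"))
```

Under those defaults the two `certificateRefs` spellings resolve to the same reference, and the only effective difference between the first post's listener and the other two is the missing `hostname`.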