Linux Foundation CKAD Exam - Topic 10 Question 36 Discussion

Actual exam question for Linux Foundation's CKAD exam

Question #: 36
Topic #: 10

[All CKAD Questions]

Refer to Exhibit.

Set Configuration Context:

[student@node-1] $ | kubectl

Config use-context k8s

Task

You have rolled out a new pod to your infrastructure and now you need to allow it to communicate with the web and storage pods but nothing else. Given the running pod kdsn00201 -newpod edit it to use a network policy that will allow it to send and receive traffic only to and from the web and storage pods.

AExplanation:
To allow a pod to send and receive traffic only to and from specific pods, you can use network policies in Kubernetes.
First, you will need to create a network policy that defines the allowed traffic. You can create a network policy yaml file with the following rules:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: newpod-network-policy
namespace: default
spec:
podSelector:
matchLabels:
app: kdsn00201-newpod
ingress:
- from:
- podSelector:
matchLabels:
app: web
- podSelector:
matchLabels:
app: storage
This policy will only allow incoming traffic to the pod with the label app=kdsn00201-newpod from pods with the label app=web or app=storage. If you have different labels on your web and storage pods please update the matchLabels accordingly.
Once you have created the network policy, you can apply it to the cluster by running the following command:
kubectl apply -f <network-policy-file>.yaml
This will apply the network policy to the cluster, and the newpod will only be able to send and receive traffic to and from the web and storage pods.
Please note that, NetworkPolicy resource is not available by default, you need to enable the NetworkPolicy feature on your Kubernetes cluster. This feature is enabled by default on some clusters and must be explicitly enabled on others. You can check if NetworkPolicy is available by running the command kubectl api-versions | grep networking
Also, you need to ensure that the pods that you want to allow traffic to and from are running on the same namespace.

Show Suggested Answer

Suggested Answer: A

by Geoffrey at Apr 14, 2024, 11:55 PM

Limited Time Offer

25%

Off

Get Premium CKAD Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Justine

4 months ago

I thought it was enabled by default on all clusters?

upvoted 0 times

...

Nan

4 months ago

Yup, check with `kubectl api-versions | grep networking`.

upvoted 0 times

...

Jesusa

4 months ago

Wait, does NetworkPolicy need to be enabled first?

upvoted 0 times

...

Dalene

4 months ago

Totally agree, it's essential for security!

upvoted 0 times

...

Makeda

5 months ago

You can use network policies to control pod traffic in Kubernetes.

upvoted 0 times

...

Dorothea

5 months ago

I think I remember that we need to specify the namespace correctly. If the web and storage pods are in a different namespace, that could be an issue.

upvoted 0 times

...

Tamera

5 months ago

I feel a bit uncertain about whether the NetworkPolicy feature is enabled by default on all clusters. I should double-check that before applying the policy.

upvoted 0 times

...

Luke

5 months ago

I think we did a similar question where we had to restrict traffic between pods. I hope I can recall the exact labels for web and storage pods.

upvoted 0 times

...

Devora

5 months ago

I remember we practiced network policies, but I’m not sure if I got the podSelector syntax right for the ingress rules.

upvoted 0 times

...

Dino

5 months ago

Okay, I think I understand what I need to do here. I'll create a network policy that allows traffic from the newpod to the web and storage pods, and apply it to the cluster. Gotta be careful with the namespace and label matching though.

upvoted 0 times

...

Becky

5 months ago

No problem, I've worked with network policies before. I'll create the YAML file with the necessary rules and apply it to the cluster. Shouldn't be too difficult as long as I match the labels correctly.

upvoted 0 times

...

Irma

5 months ago

Hmm, I'm a bit confused about the network policy syntax. I'll need to review the documentation to make sure I get the right format for the podSelector and ingress rules.

upvoted 0 times

...

Hillary

5 months ago

This looks like a straightforward network policy question. I'll need to carefully read through the requirements and create the appropriate policy to allow the newpod to communicate with the web and storage pods.

upvoted 0 times

...

Amie

6 months ago

Hmm, I'm a bit confused by the terminology here. I'm not super familiar with the MML commands used for 5G network configuration. I'll have to think this through carefully and try to eliminate the options that don't seem relevant.

upvoted 0 times

...

Solange

6 months ago

This seems straightforward. I think I'll go with option B - assigning a general product posting group that's linked to a purchase account.

upvoted 0 times

...

Lezlie

6 months ago

Honestly, I feel like just ignoring the peripheral during tests (option D) isn't a good practice. But I can't remember if testing it separately is needed.

upvoted 0 times

...

Dewitt

11 months ago

Ah, the joys of Kubernetes networking. I'm glad they're testing this, as it's a critical skill for working with Kubernetes in the real world. Time to put my network policy knowledge to the test!

upvoted 0 times

Larae

10 months ago

Don't forget to enable the NetworkPolicy feature on your Kubernetes cluster before applying the network policy.

upvoted 0 times

...

Sylvie

10 months ago

Creating a network policy yaml file with the correct rules will help restrict traffic to specific pods.

upvoted 0 times

...

Maryln

10 months ago

I agree, understanding network policies in Kubernetes is essential for managing communication between pods.

upvoted 0 times

...

Juan

11 months ago

Haha, I bet the exam writers had fun coming up with this one. Gotta love the subtle humor in the 'kdsn00201-newpod' pod name. Anyway, I'm confident I can nail this network policy question.

upvoted 0 times

...

Dorothy

11 months ago

So, we should define the rules in the network policy yaml file and apply it to the cluster to restrict the pod's communication.

upvoted 0 times

...

Jerry

11 months ago

Hmm, I think I got this. The key is to create a network policy that allows the new pod to communicate with the web and storage pods, but nothing else. I'll make sure to double-check the label matching in the policy.

upvoted 0 times

Becky

10 months ago

Remember to enable the NetworkPolicy feature on your Kubernetes cluster if it's not available by default.

upvoted 0 times

...

Willard

10 months ago

User 2: Yes, make sure the labels in the policy match the labels of the web and storage pods correctly.

upvoted 0 times

...

Lauran

10 months ago

Apply the network policy to the cluster using the kubectl apply command.

upvoted 0 times

...

Tonette

10 months ago

Check the label matching in the policy to ensure it only communicates with the web and storage pods.

upvoted 0 times

...

Ronnie

11 months ago

Make sure to create a network policy that specifies the allowed traffic for the new pod.

upvoted 0 times

...

Belen

11 months ago

User 1: I understand, we need to create a network policy for the new pod to communicate only with web and storage pods.

upvoted 0 times

...

Eva

11 months ago

Wow, this is a great question! The network policy concept is really important to understand for securing Kubernetes environments. I like how the question provides the necessary context and images to guide the answer.

upvoted 0 times

...

Latosha

11 months ago

Yes, we need to create a network policy that allows traffic only to and from the web and storage pods.

upvoted 0 times

...

Dorothy

12 months ago

I think the question is about setting up a network policy for a new pod to communicate only with specific pods.

upvoted 0 times

...