S&N Network Policies Flashcards

1
Q

How is the network flow configured by default in Kubernetes, about what pod can communicate with what other pod?

A
  • Allow all
  • every pod can communicate with every other pod in the same cluster

2
Q

What do network policies enable?

A

Allow you to specify what pod can communicate with what other pod
- for instance, if an application pod is only allowed to communicate with a database via the API service but not directly

3
Q

What is a Network policy in Kubernetes?

A

Another object in the Kubernetes namespace.
- linked to pods
- defines rules within
- e.g. for a DB pod: only allow ingress traffic from the API pod on port 3306
- blocks all other traffic

4
Q

How do we link Network Policies to pods?

A

Using labels and selectors

5
Q

How do you specify a Network policy?

A
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: api-pod
    ports:
    - protocol: TCP
      port: 3306

6
Q

What happens when no policyTypes are defined inside the network policy definition?

A
  • no restriction on data traffic
  • even if ingress or egress rules for the connected pods are defined

7
Q

What solutions support network policies?

A
  • Calico
  • Romana
  • Weave Net

BUT NOT
- Flannel

8
Q

When you define a network policy with ingress/egress restrictions, how are responses handled? How do they need to be considered?

A

Responses are always included in the declared allowances.
When ingress traffic is allowed, responses to those requests are also allowed.
Only the direction in which the traffic is initiated needs to be considered in policyTypes.

9
Q

How can we restrict which namespaces are allowed by the network policy?

A
ingress:
- from:
  - podSelector:
      matchLabels:
        name: api-pod
    namespaceSelector:
      matchLabels:
        name: prod
  ports:
  - protocol: TCP
    port: 3306

10
Q

What happens if you only use a namespaceSelector inside a Network Policy definition?

A
  • only pods inside that namespace are allowed to communicate with the pod
  • other namespaces are not allowed

11
Q

How can we allow connections to servers outside the cluster, like a backup server whose IP address we know?

A
ingress:
- from:
  - ipBlock:
      cidr: 192.168.5.10/32

12
Q

What is special about the '- from' section of a network policy definition file?

A

Contains the rules that are to be applied.
A rule starts with '-'. Allowed traffic needs to adhere to all criteria within at least one rule.

13
Q

How do you define an egress network policy?

A
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 192.168.4.10/32
    ports:
    - protocol: TCP
      port: 80