Bird
Raised Fist0
Azurecloud~20 mins

AKS networking (kubenet, Azure CNI) - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
AKS Networking Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding Pod IP Address Allocation in AKS

In Azure Kubernetes Service (AKS), you can choose between two networking models: kubenet and Azure CNI. Which statement correctly describes how pod IP addresses are allocated in these two models?

ABoth kubenet and Azure CNI assign pod IPs from the same subnet as the nodes without isolation.
BIn kubenet, pods get IPs from a private subnet managed by AKS; in Azure CNI, pods get IPs directly from the Azure virtual network subnet.
CIn kubenet, pods get IPs directly from the Azure virtual network subnet; in Azure CNI, pods get IPs from a private subnet managed by AKS.
DNeither kubenet nor Azure CNI assign IPs to pods; pods share the node IP address.
Attempts:
2 left
💡 Hint

Think about whether pods get IPs from the Azure network or from a separate range.

Architecture
intermediate
2:00remaining
Choosing Networking Model for High Pod Density

You plan to deploy an AKS cluster with a very high number of pods per node. Which networking model is better suited for this scenario and why?

AAzure CNI, because it supports unlimited pods per node without IP address exhaustion.
BAzure CNI, because it assigns IPs from a private subnet, reducing IP usage.
CKubenet, because it uses NAT and allows more pods per node without needing many IP addresses.
DKubenet, because it assigns IPs directly from the Azure subnet, avoiding IP conflicts.
Attempts:
2 left
💡 Hint

Consider how IP address usage affects pod density in each model.

security
advanced
2:00remaining
Network Policy Enforcement Differences

Which AKS networking model supports Azure Network Policies natively for controlling pod traffic?

AAzure CNI supports Azure Network Policies natively; kubenet does not support them directly.
BKubenet supports Azure Network Policies natively; Azure CNI requires additional configuration.
CBoth kubenet and Azure CNI support Azure Network Policies natively without extra setup.
DNeither kubenet nor Azure CNI support Azure Network Policies; only Calico does.
Attempts:
2 left
💡 Hint

Think about which model integrates better with Azure's native network security features.

service_behavior
advanced
2:00remaining
Pod-to-Pod Communication Across Nodes

In an AKS cluster using kubenet networking, how is pod-to-pod communication across different nodes handled?

APods use a VPN tunnel established between nodes for communication.
BPods communicate directly using their Azure VNet IPs without NAT or routing rules.
CPods cannot communicate across nodes in kubenet; only within the same node.
DPods communicate using node IPs with NAT translating pod IPs, requiring routing rules on nodes.
Attempts:
2 left
💡 Hint

Consider how kubenet uses NAT and routing for pod traffic.

Best Practice
expert
3:00remaining
Scaling AKS Cluster with Azure CNI and IP Address Limits

You have an AKS cluster using Azure CNI networking. You want to scale the cluster to 100 nodes, each running 30 pods. What is the best practice to avoid IP address exhaustion in the Azure virtual network subnet?

AIncrease the subnet size to accommodate at least 3000 IP addresses, considering node and pod IPs.
BUse kubenet instead of Azure CNI to avoid IP address exhaustion issues.
CAssign static IP addresses to pods to manage IP usage manually.
DReduce the number of pods per node to 5 to limit IP consumption.
Attempts:
2 left
💡 Hint

Think about how Azure CNI assigns IPs and what subnet size is needed.

Practice

(1/5)
1. What is the main difference between kubenet and Azure CNI networking in AKS?
easy
A. Both assign IPs from the Azure subnet but differ in routing protocols.
B. Kubenet uses NAT and assigns pod IPs from a private range, Azure CNI assigns IPs from the Azure subnet directly.
C. Kubenet assigns IPs from the Azure subnet, Azure CNI uses NAT for pod IPs.
D. Azure CNI uses NAT, while kubenet assigns IPs from the Azure subnet.

Solution

  1. Step 1: Understand kubenet networking

    Kubenet assigns pod IPs from a private IP range and uses NAT to allow pods to communicate outside the cluster.

  2. Step 2: Understand Azure CNI networking

    Azure CNI assigns pod IPs directly from the Azure virtual network subnet, allowing pods to have direct IP addresses visible in the Azure network.

  3. Final Answer:

    Kubenet uses NAT and assigns pod IPs from a private range, Azure CNI assigns IPs from the Azure subnet directly. -> Option B

  4. Quick Check:

    Kubenet = NAT, Azure CNI = Azure subnet IPs [OK]
Hint: Kubenet uses NAT; Azure CNI uses Azure subnet IPs [OK]
Common Mistakes:
  • Confusing which method uses NAT
  • Thinking both assign IPs from Azure subnet
  • Assuming Azure CNI uses private IP range
2. Which of the following is the correct way to specify Azure CNI networking when creating an AKS cluster using Azure CLI?
easy
A. az aks create --name myAKS --resource-group myRG --network-plugin azure
B. az aks create --name myAKS --resource-group myRG --network-plugin kubenet
C. az aks create --name myAKS --resource-group myRG --network-plugin azure-cni
D. az aks create --name myAKS --resource-group myRG --network-plugin azurecni

Solution

  1. Step 1: Identify the correct network plugin name for Azure CNI

    The Azure CLI uses the exact string azure to specify Azure CNI networking.

  2. Step 2: Check the command syntax

    The command must include --network-plugin azure to enable Azure CNI networking.

  3. Final Answer:

    az aks create --name myAKS --resource-group myRG --network-plugin azure -> Option A

  4. Quick Check:

    Azure CNI plugin = azure [OK]
Hint: Azure CNI plugin is exactly 'azure' in CLI [OK]
Common Mistakes:
  • Using 'azure-cni' instead of 'azure'
  • Confusing kubenet with Azure CNI plugin name
  • Typos in the network plugin parameter
3. Given an AKS cluster configured with kubenet, what will happen if a pod tries to communicate with another pod in a different node?
medium
A. Pods communicate directly using their Azure subnet IPs without NAT.
B. Pod traffic is blocked by default between nodes.
C. Pods cannot communicate across nodes in kubenet mode.
D. The pod-to-pod traffic will be routed through the node's NAT IP and may require additional routing setup.

Solution

  1. Step 1: Understand pod communication in kubenet mode

    In kubenet, pods get private IPs and use NAT on the node to communicate outside their node.

  2. Step 2: Analyze cross-node pod communication

    Traffic between pods on different nodes goes through the node's NAT IP, requiring routing rules to allow this traffic.

  3. Final Answer:

    The pod-to-pod traffic will be routed through the node's NAT IP and may require additional routing setup. -> Option D

  4. Quick Check:

    Kubenet cross-node uses NAT routing [OK]
Hint: Kubenet pods use NAT IPs for cross-node traffic [OK]
Common Mistakes:
  • Assuming direct pod IP communication in kubenet
  • Thinking pods cannot communicate across nodes
  • Believing pod traffic is blocked by default
4. You deployed an AKS cluster with Azure CNI but pods are not getting IP addresses from the Azure subnet. What is the likely cause?
medium
A. The Azure subnet does not have enough free IP addresses for pods.
B. The cluster was created with kubenet instead of Azure CNI.
C. The pods are configured to use host networking.
D. The Azure CNI plugin is not installed on the nodes.

Solution

  1. Step 1: Check IP availability in Azure subnet

    Azure CNI assigns pod IPs from the Azure subnet. If the subnet IP pool is exhausted, pods cannot get IPs.

  2. Step 2: Verify cluster network plugin and configuration

    Since the cluster is deployed with Azure CNI, the plugin is installed. Host networking would not prevent IP assignment.

  3. Final Answer:

    The Azure subnet does not have enough free IP addresses for pods. -> Option A

  4. Quick Check:

    Subnet IP exhaustion blocks pod IP assignment [OK]
Hint: Check subnet IP availability first for Azure CNI issues [OK]
Common Mistakes:
  • Assuming plugin is missing when cluster uses Azure CNI
  • Ignoring subnet IP exhaustion
  • Confusing host networking with IP assignment
5. You want to deploy an AKS cluster that allows pods to communicate directly with other Azure resources in the same virtual network using their pod IPs. Which networking option should you choose and why?
hard
A. Use kubenet with additional routing rules to enable pod IP visibility.
B. Use kubenet because it saves IP addresses and allows direct pod IP communication.
C. Use Azure CNI because it assigns pod IPs from the Azure subnet enabling direct communication with Azure resources.
D. Use Azure CNI but disable IP assignment to pods for better security.

Solution

  1. Step 1: Identify networking needs for direct pod-to-Azure resource communication

    Direct communication requires pods to have IPs visible in the Azure virtual network.

  2. Step 2: Compare kubenet and Azure CNI capabilities

    Kubenet uses NAT and private IPs, so pods are not directly reachable. Azure CNI assigns pod IPs from the Azure subnet, enabling direct communication.

  3. Final Answer:

    Use Azure CNI because it assigns pod IPs from the Azure subnet enabling direct communication with Azure resources. -> Option C

  4. Quick Check:

    Azure CNI = direct pod IPs in Azure subnet [OK]
Hint: Azure CNI enables direct pod IP communication with Azure resources [OK]
Common Mistakes:
  • Choosing kubenet for direct pod IP communication
  • Thinking kubenet allows direct pod IP visibility
  • Disabling IP assignment in Azure CNI disables communication