Cross-namespace communication in Kubernetes - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
How does Kubernetes enable communication between services in different namespaces?

In Kubernetes, services are usually isolated within namespaces. Which method allows a pod in one namespace to reach a service in another namespace?

A. Services in different namespaces cannot communicate directly; you must merge namespaces.
B. Use the full DNS name of the service including the target namespace, like `service-name.namespace.svc.cluster.local`.
C. Use the service name alone without namespace; Kubernetes automatically resolves cross-namespace services.
D. Create a NodePort service and access it via the node IP and port.
💡 Hint

Think about how Kubernetes DNS resolves service names across namespaces.

💻 Command Output
intermediate
What is the output of this command querying a service in another namespace?

You run the following command inside a pod in namespace `dev` to check connectivity to a service `api` in namespace `prod`:

nslookup api.prod.svc.cluster.local

What output do you expect?

A. A DNS response with the IP address of the `api` service in `prod` namespace.
B. An error saying `api.prod.svc.cluster.local` not found.
C. A DNS response with the IP address of a service named `api` in the `dev` namespace.
D. A timeout error because cross-namespace DNS queries are blocked.
💡 Hint

Remember how Kubernetes DNS resolves fully qualified service names.

Configuration
advanced
Which NetworkPolicy allows pods in namespace 'frontend' to access pods in namespace 'backend' on port 8080?

You want to restrict network access so only pods in the `frontend` namespace can connect to pods in the `backend` namespace on TCP port 8080. Which NetworkPolicy YAML snippet correctly implements this?

A
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: backend
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: backend
    ports:
    - protocol: TCP
      port: 8080
B
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: frontend
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: backend
    ports:
    - protocol: TCP
      port: 8080
C
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: backend
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: frontend
    ports:
    - protocol: TCP
      port: 8080
D
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: backend
spec:
  podSelector: {}
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
💡 Hint

NetworkPolicies are defined in the target namespace and use namespaceSelector to allow traffic from other namespaces.

Troubleshoot
advanced
Why does a pod in namespace 'test' fail to reach a service in namespace 'prod' using only the service name?

A pod in the `test` namespace tries to connect to a service named `db` in the `prod` namespace by using the hostname `db`. The connection fails. What is the most likely reason?

A. The pod's network policy explicitly denies all outbound traffic.
B. The service `db` in `prod` namespace is not running any pods.
C. Kubernetes blocks all cross-namespace service communication by default.
D. The pod is using the short service name `db` which resolves only within its own namespace, so it cannot find the service in `prod` namespace.
💡 Hint

Think about how DNS resolves service names inside pods.

Best Practice
expert
What is the recommended way to securely enable cross-namespace communication between microservices?

You manage multiple microservices deployed in different namespaces. You want to enable secure, controlled communication between them. Which approach is best practice?

A. Use Kubernetes NetworkPolicies to restrict traffic and service accounts with RBAC for authentication, combined with mutual TLS via a service mesh like Istio.
B. Open all namespaces to unrestricted communication by disabling NetworkPolicies and use plain HTTP between services.
C. Manually configure firewall rules on each node to allow traffic between namespaces and use basic authentication in services.
D. Deploy all microservices in the same namespace to avoid cross-namespace communication issues.
💡 Hint

Consider security, scalability, and maintainability in multi-namespace environments.