Bird
0
0

A developer wants to isolate pod traffic using a CNI plugin that supports network segmentation and encryption. Which combination of CNI plugins and features best fits this need?

hard📝 Workflow Q9 of 15
Kubernetes - Networking
A developer wants to isolate pod traffic using a CNI plugin that supports network segmentation and encryption. Which combination of CNI plugins and features best fits this need?
ABridge plugin without encryption
BFlannel with VXLAN only
CCalico with IPsec encryption
DHost-local IPAM without network policies
Step-by-Step Solution
Solution:

  1. Step 1: Identify plugins supporting encryption and segmentation

    Calico supports network segmentation and can use IPsec for encryption.

  2. Step 2: Evaluate other options

    Flannel with VXLAN does not provide encryption by default; Bridge and Host-local lack these features.

  3. Final Answer:

    Calico with IPsec encryption -> Option C

  4. Quick Check:

    Network isolation + encryption = Calico + IPsec [OK]
Quick Trick: Use Calico with IPsec for secure pod isolation [OK]
Common Mistakes:
  • Assuming Flannel VXLAN encrypts traffic
  • Choosing Bridge plugin for encryption
  • Ignoring network policy support

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Kubernetes Quizzes
ConfigMaps - Updating ConfigMaps and propagation - Quiz 1easy Health Checks and Probes - Readiness probe concept - Quiz 5medium Ingress - Host-based routing - Quiz 13medium Ingress - Ingress annotations for customization - Quiz 9hard Ingress - Ingress annotations for customization - Quiz 10hard Ingress - TLS termination with Ingress - Quiz 6medium Persistent Storage - Why persistent storage matters in Kubernetes - Quiz 15hard Persistent Storage - StatefulSet ordering and naming - Quiz 9hard Resource Management - Quality of Service classes (Guaranteed, Burstable, BestEffort) - Quiz 13medium Scheduling - Node affinity and anti-affinity - Quiz 12easy