0
0
Kubernetesdevops~20 mins

Ingress and egress rules in Kubernetes - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Ingress and Egress Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:00remaining
Understanding Kubernetes Ingress Purpose

What is the primary purpose of an Ingress resource in Kubernetes?

ATo schedule pods on specific nodes based on resource availability
BTo define firewall rules for controlling outbound traffic from pods
CTo manage persistent storage volumes for stateful applications
DTo control external access to services inside the cluster, typically HTTP and HTTPS routes
Attempts:
2 left
💡 Hint

Think about how users outside the cluster reach your applications.

💻 Command Output
intermediate
0:45remaining
Output of kubectl get ingress

What is the output of the command kubectl get ingress when no Ingress resources exist in the default namespace?

Kubernetes
kubectl get ingress
A
NAME   HOSTS   ADDRESS   PORTS   AGE
BError from server (NotFound): ingresses.networking.k8s.io "" not found
CNo resources found in default namespace.
D
NAME   HOSTS   ADDRESS   PORTS   AGE
my-ingress   *   192.168.1.1   80   5d
Attempts:
2 left
💡 Hint

Consider what Kubernetes shows when no matching resources exist.

Configuration
advanced
1:30remaining
Egress Rule to Allow Outbound HTTP Traffic

Which NetworkPolicy YAML snippet correctly allows pods in the frontend label group to send outbound HTTP (port 80) traffic to any destination?

A
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-http-egress
spec:
  podSelector:
    matchLabels:
      role: frontend
  policyTypes:
  - Egress
  egress:
  - ports:
    - protocol: TCP
      port: 80
B
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-http-egress
spec:
  podSelector:
    matchLabels:
      role: frontend
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - protocol: TCP
      port: 80
C
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-http-egress
spec:
  podSelector:
    matchLabels:
      role: frontend
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - protocol: UDP
      port: 80
D
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-http-egress
spec:
  podSelector:
    matchLabels:
      role: frontend
  policyTypes:
  - Egress
  egress:
  - ports:
    - protocol: TCP
      port: 443
Attempts:
2 left
💡 Hint

Remember that egress rules control outbound traffic and HTTP uses TCP port 80.

Troubleshoot
advanced
1:30remaining
Diagnosing Ingress Not Routing Traffic

You created an Ingress resource, but external HTTP requests to your domain return 404 errors. Which is the most likely cause?

AThe pod labels do not match the Service selector
BThe Ingress controller is not installed or running in the cluster
CThe Service type is set to ClusterIP instead of LoadBalancer
DThe NetworkPolicy blocks all ingress traffic to the pods
Attempts:
2 left
💡 Hint

Think about what component handles Ingress routing.

Best Practice
expert
2:00remaining
Best Practice for Securing Egress Traffic in Kubernetes

Which approach is considered best practice to secure egress traffic from pods in a Kubernetes cluster?

AUse NetworkPolicies to explicitly allow only required outbound traffic and deny all else by default
BAllow all egress traffic by default and rely on pod security policies for protection
CConfigure Ingress resources to filter outbound traffic from pods
DUse host firewall rules only, ignoring Kubernetes NetworkPolicies
Attempts:
2 left
💡 Hint

Think about the principle of least privilege for network access.