0
0
Kubernetesdevops~20 mins

Ingress annotations for customization in Kubernetes - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Ingress Annotation Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Purpose of Ingress Annotations

What is the primary purpose of using annotations in a Kubernetes Ingress resource?

ATo define the backend services for the Ingress rules
BTo customize the behavior of the Ingress controller without changing the Ingress spec
CTo specify the namespace where the Ingress is deployed
DTo create persistent storage for the Ingress resource
Attempts:
2 left
💡 Hint

Think about how you can change settings like SSL or timeouts without modifying the main rules.

💻 Command Output
intermediate
2:00remaining
Output of Ingress with SSL Redirect Annotation

Given this Ingress snippet with annotation nginx.ingress.kubernetes.io/ssl-redirect: "true", what effect does this have on HTTP requests?

Kubernetes
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-service
            port:
              number: 80
AAll HTTP requests are redirected to HTTPS automatically
BHTTP requests are blocked and return 403 Forbidden
CHTTP requests are served normally without redirection
DIngress controller disables HTTPS for this host
Attempts:
2 left
💡 Hint

Consider what 'ssl-redirect: true' means for incoming traffic.

Configuration
advanced
2:00remaining
Correct Annotation for Custom Timeout

You want to set a custom proxy read timeout of 120 seconds on an NGINX Ingress. Which annotation correctly sets this timeout?

Anginx.ingress.kubernetes.io/proxy-read-timeout: "120"
Bnginx.ingress.kubernetes.io/proxy-read-timeout-seconds: "120"
Cnginx.ingress.kubernetes.io/proxy-timeout: "120"
Dnginx.ingress.kubernetes.io/proxy-read-timeout-ms: "120000"
Attempts:
2 left
💡 Hint

Look for the exact annotation name used by NGINX Ingress for read timeout.

Troubleshoot
advanced
2:00remaining
Why is the Rewrite Annotation Not Working?

You added the annotation nginx.ingress.kubernetes.io/rewrite-target: / to your Ingress, but the URL paths are not rewritten as expected. What is a common cause?

AThe annotation value must be a full URL, not just '/'
BThe backend service must be named 'rewrite-service' for this to work
CRewrite annotation only works with HTTP, not HTTPS
DThe Ingress path is not defined with a regex pathType
Attempts:
2 left
💡 Hint

Check the pathType used in the Ingress rule when using rewrite-target.

Best Practice
expert
3:00remaining
Best Practice for Securing Ingress with Annotations

Which annotation combination is best practice to enhance security by enabling HTTP Strict Transport Security (HSTS) with a max age of 6 months and including subdomains on an NGINX Ingress?

A
nginx.ingress.kubernetes.io/hsts: "enabled"
nginx.ingress.kubernetes.io/hsts-max-age: "15768000"
nginx.ingress.kubernetes.io/hsts-include-subdomains: "enabled"
B
nginx.ingress.kubernetes.io/hsts: "true"
nginx.ingress.kubernetes.io/hsts-max-age: "15768000"
nginx.ingress.kubernetes.io/hsts-include-subdomains: "true"
Cnginx.ingress.kubernetes.io/configuration-snippet: 'add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;'
D
nginx.ingress.kubernetes.io/enable-hsts: "yes"
nginx.ingress.kubernetes.io/hsts-duration: "15768000"
nginx.ingress.kubernetes.io/hsts-subdomains: "yes"
Attempts:
2 left
💡 Hint

NGINX Ingress does not have built-in hsts annotations; custom headers are added via configuration-snippet.