You have two pods in the same Kubernetes namespace. Pod A tries to connect to Pod B using a ClusterIP service named service-b on port 8080. What will be the output of the following command run inside Pod A?
curl http://service-b:8080/health
ClusterIP services provide stable internal IPs and DNS names for pods in the same namespace.
ClusterIP services allow pods within the same namespace to communicate using the service name. If Pod B is running and listening on port 8080, Pod A's curl command will succeed and return HTTP 200 OK with the health status.
Which statement correctly describes how pods communicate across different namespaces in Kubernetes?
Think about how Kubernetes DNS resolves service names across namespaces.
To communicate with a pod or service in another namespace, you must use the full DNS name, which includes the service name and the namespace, like service-name.namespace.svc.cluster.local. NetworkPolicies can restrict traffic but do not enable communication by themselves.
Pod A cannot reach Pod B even though both are running and in the same namespace. The service for Pod B is a ClusterIP service. Which of the following is the most likely cause?
Check if the service port matches the container port Pod B listens on.
If Pod B is not listening on the port defined in the service, the service will not forward traffic correctly, causing Pod A's connection attempts to fail. Using the service name is correct within the same namespace.
You want to restrict pod-to-pod communication in a namespace but allow Pod A to communicate with Pod B on port 80. Which sequence of steps correctly achieves this?
Think about labeling pods before creating policies that select them.
First, create a default deny ingress policy. Then label pods so policies can select them. Next, create a policy allowing Pod A to access Pod B on port 80. Finally, apply the policies.
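The steps above written out as manifests, as an added example that is not part of the original quiz. The namespace demo, the labels app=pod-a and app=pod-b, the policy names and the pod name placeholders are assumptions made for illustration.

```yaml
# Assumed setup (hypothetical names): namespace "demo", pods labelled with
#   kubectl -n demo label pod <pod-a-name> app=pod-a
#   kubectl -n demo label pod <pod-b-name> app=pod-b
# NetworkPolicies are only enforced when the cluster's network plugin
# supports them; otherwise these objects are accepted but have no effect.

# Step 1: default deny. The empty podSelector selects every pod in the
# namespace, and listing Ingress with no ingress rules blocks all inbound traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: demo
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Step 3: allow only Pod A to reach Pod B on TCP port 80.
# Policies are additive, so this opens one path through the default deny.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-pod-a-to-pod-b-80
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: pod-b          # the policy applies to Pod B (the destination)
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: pod-a  # only pods carrying this label in the same namespace
      ports:
        - protocol: TCP
          port: 80
```

Saved to one file, both policies can be applied with kubectl apply -f. Any pod in the namespace without the app=pod-a label then has no ingress path to Pod B, and Pod A itself is limited to port 80.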
Which approach is the best practice to secure pod-to-pod communication in a Kubernetes cluster?
Consider both network restrictions and encryption.
Combining NetworkPolicies to restrict traffic with mutual TLS (mTLS) for encrypted communication is the best practice to secure pod-to-pod communication. Other options either reduce security or break Kubernetes networking.