
Mutual TLS for service communication in Kubernetes - Interactive Code Practice

Practice - 5 Tasks
Answer the questions below
1. Fill in the blank (easy)

Complete the code to specify the TLS secret in the Kubernetes service.

Kubernetes
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  ports:
  - port: 443
    targetPort: 8443
  selector:
    app: my-app
  tls:
    secretName: [1]
Options:
A. app-cert
B. default-secret
C. my-tls-secret
D. service-key
Common Mistakes
Using a secret name that does not exist
Forgetting to specify the secretName field
2. Fill in the blank (medium)

Complete the code to mount the TLS certificates as volumes in the pod.

Kubernetes
apiVersion: v1
kind: Pod
metadata:
  name: my-app-pod
spec:
  containers:
  - name: my-app-container
    image: my-app-image
    volumeMounts:
    - name: tls-certs
      mountPath: [1]
      readOnly: true
  volumes:
  - name: tls-certs
    secret:
      secretName: my-tls-secret
Options:
A. /etc/ssl/certs
B. /etc/tls
C. /var/run/secrets/tls
D. /etc/ssl/private
Common Mistakes
Mounting the secret at a path not used by the application
Not setting readOnly: true for the volume mount
3. Fill in the blank (hard)

Fix the error in the Ingress TLS configuration by completing the missing field.

Kubernetes
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  tls:
  - hosts:
    - myapp.example.com
    [1]: my-tls-secret
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 443
Options:
A. keyName
B. certificate
C. tlsSecret
D. secretName
Common Mistakes
Using incorrect field names like certificate or tlsSecret
Omitting the TLS secret field entirely
4. Fill in the blank (hard)

Fill both blanks to create a Kubernetes NetworkPolicy that allows only mutual TLS traffic on port 443.

Kubernetes
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-mtls
spec:
  podSelector:
    matchLabels:
      app: my-app
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - protocol: [1]
      port: 443
    from:
    - namespaceSelector:
        matchLabels:
          [2]: trusted
Options:
A. TCP
B. UDP
C. environment
D. security
Common Mistakes
Using UDP instead of TCP for TLS traffic
Using incorrect label keys in namespaceSelector
5. Fill in the blank (hard)

Fill all three blanks to define a Kubernetes Secret manifest for mutual TLS certificates.

Kubernetes
apiVersion: v1
kind: Secret
metadata:
  name: my-tls-secret
  namespace: default
type: [1]
data:
  tls.crt: [2]
  tls.key: [3]
Options:
A. kubernetes.io/tls
B. LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCg==
C. LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQo=
D. Opaque
Common Mistakes
Using 'Opaque' type instead of 'kubernetes.io/tls'
Putting raw certificate data instead of base64-encoded strings