Bird
0
0

You want to create a NetworkPolicy that allows pods labeled role=frontend to access pods labeled app=nginx on port 80, but blocks all other traffic. Which YAML snippet correctly achieves this?

hard📝 Workflow Q15 of 15
Kubernetes - RBAC and Security
You want to create a NetworkPolicy that allows pods labeled role=frontend to access pods labeled app=nginx on port 80, but blocks all other traffic. Which YAML snippet correctly achieves this?
Aspec: podSelector: matchLabels: app: nginx ingress: - from: - podSelector: matchLabels: role: frontend ports: - protocol: TCP port: 80
Bspec: podSelector: matchLabels: role: frontend ingress: - from: - podSelector: matchLabels: app: nginx ports: - protocol: TCP port: 80
Cspec: podSelector: matchLabels: app: nginx egress: - to: - podSelector: matchLabels: role: frontend ports: - protocol: TCP port: 80
Dspec: podSelector: matchLabels: app: nginx ingress: - from: - namespaceSelector: matchLabels: role: frontend ports: - protocol: TCP port: 80
Step-by-Step Solution
Solution:

  1. Step 1: Identify pods to protect and allowed sources

    The policy must select pods with app: nginx and allow ingress only from pods with role: frontend.

  2. Step 2: Check ingress rules and ports

    spec: podSelector: matchLabels: app: nginx ingress: - from: - podSelector: matchLabels: role: frontend ports: - protocol: TCP port: 80 correctly uses podSelector for nginx pods and allows ingress from frontend pods on TCP port 80.

  3. Step 3: Confirm other options are incorrect

    The snippet that selects role: frontend in podSelector but has from app: nginx reverses source and destination; the snippet using egress and to controls outgoing traffic; the snippet using namespaceSelector selects entire namespaces instead of specific pods.

  4. Final Answer:

    spec: podSelector: matchLabels: app: nginx ingress: - from: - podSelector: matchLabels: role: frontend ports: - protocol: TCP port: 80 -> Option A

  5. Quick Check:

    Correct podSelector and ingress from frontend pods = A [OK]
Quick Trick: Select nginx pods and allow ingress from frontend pods on port 80 [OK]
Common Mistakes:
  • Mixing up podSelector labels
  • Using egress instead of ingress
  • Using namespaceSelector instead of podSelector

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Kubernetes Quizzes
Advanced Deployment Patterns - A/B testing with Ingress - Quiz 12easy Helm Package Manager - Creating custom Helm charts - Quiz 4medium Helm Package Manager - Upgrading and rolling back releases - Quiz 15hard Monitoring and Logging - Alerting with Prometheus Alertmanager - Quiz 9hard Operators and Custom Resources - Custom resources concept - Quiz 5medium Operators and Custom Resources - Why operators extend Kubernetes - Quiz 2easy Production Best Practices - Priority classes for critical workloads - Quiz 5medium Production Best Practices - Multi-cluster management concept - Quiz 9hard Production Best Practices - Why production readiness matters - Quiz 14medium Troubleshooting - Pod stuck in Pending state - Quiz 1easy