Aibek:
Seems like something is wrong with some of the mock exams. @Mumshad Mannambeth
For Mock Exam 1, Q7, I did not have production namespace at all.
For Mock Exam 2, right after I started it, there are pods missing:
The task at hand:
A pod called redis-backend has been created in the prod-x12cs namespace. It has been exposed as a service of type ClusterIP. Using a network policy called allow-redis-access, lock down access to this pod only to the following:
1. Any pod in the same namespace with the label backend=prod-x12cs.
2. All pods in the prod-yx13cs namespace.
All other incoming connections should be blocked.
Use the existing labels when creating the network policy.
The namemspaces prod-yx13cs and prod-yx12cs do exist, however, I don’t see redis-backend pod in there:
controlplane $ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-f9fd979d6-r998r 1/1 Running 0 7m6s
kube-system coredns-f9fd979d6-wl6s4 1/1 Running 0 6m52s
kube-system etcd-controlplane 1/1 Running 0 7m41s
kube-system kube-apiserver-controlplane 1/1 Running 0 7m41s
kube-system kube-controller-manager-controlplane 1/1 Running 0 7m41s
kube-system kube-proxy-bpv2g 1/1 Running 0 7m31s
kube-system kube-proxy-fgfgr 1/1 Running 0 7m39s
kube-system kube-scheduler-controlplane 1/1 Running 0 7m41s
kube-system weave-net-744dz 2/2 Running 0 7m31s
kube-system weave-net-sbvk5 2/2 Running 1 7m39s
sahara apps-240616 1/1 Running 0 6m16s
Listing all resouces in prod-yx12cs namespace doesn’t reveal any pods(Method borrowed from here: https://stackoverflow.com/questions/47691479/listing-all-resources-in-a-namespace):
controlplane $ kubectl api-resources --verbs=list --namespaced -o name \
> | xargs -n 1 kubectl get --show-kind --ignore-not-found -n prod-x12cs
NAME ENDPOINTS AGE
endpoints/redis-backend <none> 9m16s
NAME TYPE DATA AGE
secret/default-token-mch7l <http://kubernetes.io/service-account-token|kubernetes.io/service-account-token> 3 9m17s
NAME SECRETS AGE
serviceaccount/default 1 9m17s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/redis-backend ClusterIP 10.101.85.182 <none> 6379/TCP 9m17s
NAME ADDRESSTYPE PORTS ENDPOINTS AGE
<http://endpointslice.discovery.k8s.io/redis-backend-7x5t7|endpointslice.discovery.k8s.io/redis-backend-7x5t7> IPv4 <unset> <unset> 9m19s
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use <http://networking.k8s.io/v1|networking.k8s.io/v1> Ingress
controlplane $