Kubernetes CKA sample exam question 33 with answer

Question
We have deployed a pod called web-pod (where port 80 was exposed using service web-pod).
Incoming connections (from a pod apicheck to web-pod) are not working.
Identify and make certain changes on pod apicheck (redeploy is needed) so that it can access web-pod.
Note: A NetworkPolicy named api-allow was also created as part of the deployment

Answer
Get details about NetworkPolicy:

kubectl get netpol
kubectl describe netpol api-allow

can be observed the following - a pod selector for ingress traffic for labels: app=bookstore,role=api
Lets check the labels for all pods:

kubectl get po --show-labels

can be noticed that only pod web-pod have above labels.
But pod apicheck have only label role=api - so it do not match labels in pod selector for Ingress
We can also notice the service named web-pod that exposes port 80 from web-pod - pod with same name:

kubectl get svc

Let's test a connection from pod apicheck to service web-pod:

kubectl exec -it apicheck -- wget http://web-pod

We can see the connectoin timeout. To fix this, we beed to edit the apicheck pod:

kubectl edit po apicheck

and add one more missing label app=bookstore
After editing, test again the connection to the service web-pod:

kubectl exec -it apicheck -- wget http://web-pod

Connectivity issue is fixed