Question
We have deployed a new pod called web-test and a service called web-test-svc. Incoming connections to this service are not working.
Inspect the setup.
Create a NetworkPolicy by the name ingress-to-web-test that allows incoming connections to the service over port 80.
Important: Don't delete any current object deployed. Don't alter existing objects.
Answer
Inspect the setup:
kubectl get netpol
kubectl get po,svc
A NetworkPolicy named default-deny-ingress can be observed. Get more details about it:
kubectl describe netpol default-deny-ingress
In this netpol no PodSelector is applied, so all pods in the namespace are affected. No ports are allowed either, so the pods are isolated for ingress connectivity.
kubectl exec -it connect-pod -- wget web-test-svc
To allow connections, a netpol that allows ingress to port 80 should be created:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-web-test
  namespace: default
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - protocol: TCP
      port: 80
Apply:
kubectl apply -f np.yaml
And check the connectivity again:
kubectl exec -it connect-pod -- wget web-test-svc
Now, everything should work.
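Why adding a second policy fixes the connection without touching default-deny-ingress: NetworkPolicies are additive, so traffic is admitted if any policy selecting the pod allows it. The sketch below is an added example, not part of the original answer; it models only the port rules of the two policies, and the pod labels and the narrower run=web-test selector are assumptions used to show how far the empty podSelector reaches.

```python
# Simplified model of NetworkPolicy ingress evaluation (ports only; "from"
# peers are not modelled because neither policy on the page uses them).

def selects(pod_selector, labels):
    """An empty podSelector ({}) matches every pod in the namespace."""
    return all(labels.get(k) == v for k, v in pod_selector.items())

def ingress_allowed(policies, labels, protocol, port):
    """True if traffic to a pod with `labels` on protocol/port is admitted."""
    applicable = [p for p in policies
                  if "Ingress" in p["policyTypes"] and selects(p["podSelector"], labels)]
    if not applicable:
        return True  # a pod selected by no policy is not isolated
    # Policies are additive: traffic passes if any rule of any policy allows it.
    for policy in applicable:
        for rule in policy.get("ingress", []):
            ports = rule.get("ports")
            if ports is None:  # a rule without ports allows every port
                return True
            if any(p.get("protocol", "TCP") == protocol and p["port"] == port
                   for p in ports):
                return True
    return False

# default-deny-ingress, reduced to the fields the answer describes.
DEFAULT_DENY = {"name": "default-deny-ingress", "podSelector": {},
                "policyTypes": ["Ingress"]}
# ingress-to-web-test as written in the answer.
ALLOW_80 = {"name": "ingress-to-web-test", "podSelector": {},
            "policyTypes": ["Ingress"],
            "ingress": [{"ports": [{"protocol": "TCP", "port": 80}]}]}
# Hypothetical narrower variant; the label run=web-test is an assumption.
ALLOW_80_SCOPED = dict(ALLOW_80, podSelector={"run": "web-test"})

# Constructed pod labels for illustration.
WEB_TEST = {"run": "web-test"}
OTHER_POD = {"run": "other-app"}

def report():
    """(scenario, web-test reachable on 80, other pod reachable on 80)"""
    scenarios = [("deny only", [DEFAULT_DENY]),
                 ("deny + answer policy", [DEFAULT_DENY, ALLOW_80]),
                 ("deny + scoped policy", [DEFAULT_DENY, ALLOW_80_SCOPED])]
    return [(name, ingress_allowed(pols, WEB_TEST, "TCP", 80),
             ingress_allowed(pols, OTHER_POD, "TCP", 80)) for name, pols in scenarios]

if __name__ == "__main__":
    for row in report():
        print(row)
```

With podSelector: {} the new policy opens TCP 80 on every pod in the namespace, while a label selector would limit it to web-test; confirm the real label with kubectl get po --show-labels before relying on one.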