CKA EXAM QS-13 2025

Question 13:

Review and apply the appropriate N/W policy from the provided YAML samples.

Ensure that the chosen NetworkPolicy is not overly permissive, but allows

communication between the frontend and backend Deployments, which run in the

frontend and backend namespaces respectively.

First analyze the frontend and backend Departments to determine the specific

requirements for the NetworkPolicy that needs to be applied.

Next, examine the Network Policy YAML samples located in the ~/netpol folder

Do not modify or delete the provided samples. Only apply one of them. Failure to

comply may result in a reduce score.

Finally, apply the Network Policy that enables communication between the

frontend Deployments without being overly permissive.

================================================

Inspect frontend & backend deployments (what labels, ports, namespaces)

# List namespaces

kubectl get ns

# Show frontend deployments and pods/labels

kubectl get deploy -n frontend -o wide

kubectl get pods -n frontend --show-labels

# Show backend deployments and pods/labels

kubectl get deploy -n backend -o wide

kubectl get pods -n backend --show-labels

# Also check Services (if backend is exposed via a Service — helpful for testing)

kubectl get svc -n backend -o wide

Choose and apply exactly one sample (example)

kubectl apply -f ~/netpol/allow-frontend-to-backend.yaml

If the YAML doesn’t contain metadata.namespace: backend and you confirmed it’s intended for the backend namespace, apply with -n backend:

#kubectl apply -f ~/netpol/allow-frontend-to-backend.yaml -n backend

Verify the NetworkPolicy is created and scoped correctly

# Check that a NetworkPolicy exists in backend ns

kubectl get networkpolicy -n backend

# Describe it to inspect selectors and ports

kubectl describe networkpolicy <name-from-get> -n backend