CNI QS 2025 CKA
- Ingress now
- Oct 25

ANSWER:
Note: Flannel does not support network policy enforcement,
so go for Calico.
Now check the node communication status.

Check whether any CNI is already installed:
# kubectl get pods -A | grep -E "flannel|calico"
Install the Tigera operator:
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/tigera-operator.yaml
Install the Calico custom resources (the actual Calico installation config):
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/custom-resources.yaml
To verify:
# kubectl get pods -n tigera-operator
# kubectl get pods -A | grep calico

vi tigera-operator.yaml
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  cni:
    type: Calico
  calicoNetwork:
    bgp: Disabled
    ipPools:
    - cidr: 192.168.0.0/16
      encapsulation: VXLAN
      natOutgoing: Enabled
      nodeSelector: all()
:wq
#kubectl apply -f tigera-operator.yaml
This may display a warning; don't worry about it.

To verify:
# kubectl get installations.operator.tigera.io default -o yaml
Then create two test pods.

#kubectl get pods -o wide
#kubectl exec test1 -- ping -c 4 192.168.1.130
Optional: create a network policy.
Default deny all ingress traffic (from the documentation):
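vi deny.yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  # An empty podSelector selects every pod in the namespace.
  podSelector: {}
  # Ingress is isolated and no ingress rules are listed, so all ingress is denied.
  # (An "ingress: - {}" rule here would allow all ingress instead.)
  policyTypes:
  - Ingress
:wq
# kubectl apply -f deny.yaml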
#kubectl exec test1 -- ping -c 4 192.168.1.130
The pods no longer respond.
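
Added example (not part of the original post): a small Python model of how Kubernetes reads `policyTypes` together with the ingress/egress rule lists, which is what decides whether the ping above gets blocked. The three sample specs are constructed, and the model assumes every policy selects the pod (no podSelector matching) and labels any rule with peers or ports as "selective".

```python
# Added example: models NetworkPolicy semantics for the pods a policy selects.
# Assumption: podSelector matching is out of scope (every policy selects the pod).

def effective_policy_types(spec):
    """policyTypes defaulting: Ingress always, Egress only if egress rules exist."""
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    return {"Ingress", "Egress"} if spec.get("egress") else {"Ingress"}

def direction_verdict(spec, direction):
    """Return 'unrestricted', 'deny-all', 'allow-all' or 'selective'."""
    if direction not in effective_policy_types(spec):
        return "unrestricted"          # policy does not isolate this direction
    rules = spec.get(direction.lower()) or []
    peer_key = "from" if direction == "Ingress" else "to"
    if not rules:
        return "deny-all"              # isolated, and nothing is allowed
    if any(not r.get(peer_key) and not r.get("ports") for r in rules):
        return "allow-all"             # an empty rule {} matches every peer and port
    return "selective"

def combined_verdict(specs, direction):
    """Policies are additive: allowed traffic is the union over all policies."""
    verdicts = {direction_verdict(s, direction) for s in specs}
    for v in ("allow-all", "selective", "deny-all"):
        if v in verdicts:
            return v
    return "unrestricted"

# Constructed sample specs (the "spec:" part of a NetworkPolicy).
DEFAULT_DENY_INGRESS = {"podSelector": {}, "policyTypes": ["Ingress"]}
ALLOW_ALL_INGRESS = {"podSelector": {}, "ingress": [{}],
                     "policyTypes": ["Ingress"]}
EMPTY_RULE_PLUS_EGRESS = {"podSelector": {}, "ingress": [{}],
                          "policyTypes": ["Ingress", "Egress"]}

if __name__ == "__main__":
    samples = [("default-deny-ingress", DEFAULT_DENY_INGRESS),
               ("allow-all-ingress", ALLOW_ALL_INGRESS),
               ("empty-rule-plus-egress", EMPTY_RULE_PLUS_EGRESS)]
    for name, spec in samples:
        print(name, {d: direction_verdict(spec, d) for d in ("Ingress", "Egress")})
    # A deny policy never overrides an allow policy on the same pods.
    print(combined_verdict([DEFAULT_DENY_INGRESS, ALLOW_ALL_INGRESS], "Ingress"))
```

The third sample shows a ping failing for a different reason than intended: ingress is wide open, but listing `Egress` with no egress rules blocks the sender's outbound traffic.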



