CKS · Question #73
CKS Question #73: Real Exam Question with Answer & Explanation
Question
PART B -- Allow ingress to data ONLY from Pods in prod.

Requirement:
- NetworkPolicy name: allow-from-prod
- Namespace: data (namespace is labeled env=data)
- Allow ingress only from Pods in prod namespace
- Use namespace label (env=prod)
Explanation
- Create allow-from-prod policy in data

```bash
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-prod
  namespace: data
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          env: prod
EOF
```
What this does:
- Applies to all Pods in data
- Allows ingress only from namespaces labeled env=prod
- All other ingress traffic is denied by default
- Verify

```bash
kubectl -n data get networkpolicy allow-from-prod
```
FINAL CHECK (What the examiner expects)

```bash
kubectl get networkpolicy -n prod
kubectl get networkpolicy -n data
```

You should see:
- deny-policy in prod
- allow-from-prod in data
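
The behaviour listed under "What this does" can be checked offline with a small Python model of the ingress decision. This is an added example, not part of the original answer and not Kubernetes code: it models only `namespaceSelector.matchLabels` peers, and the `dev` and `staging` namespaces and their labels are constructed sample data.

```python
# Added example: a minimal model of the ingress decision for allow-from-prod.
# Only namespaceSelector.matchLabels peers are modelled (no podSelector peers,
# ipBlock, matchExpressions or ports).

POLICY = {
    "namespace": "data",
    "podSelector": {},  # empty selector: every Pod in the namespace
    "policyTypes": ["Ingress"],
    "ingress": [
        {"from": [{"namespaceSelector": {"matchLabels": {"env": "prod"}}}]}
    ],
}

# Constructed cluster state (namespace -> labels). prod and data come from the
# question; dev and staging are hypothetical.
NAMESPACES = {
    "prod": {"env": "prod"},
    "data": {"env": "data"},
    "dev": {"env": "dev"},
    "staging": {},
}

def labels_match(match_labels, labels):
    """True when every key/value in match_labels is present in labels."""
    return all(labels.get(k) == v for k, v in match_labels.items())

def ingress_allowed(policies, namespaces, src_ns, dst_ns, dst_pod_labels=None):
    """Decide whether a Pod in src_ns may open a connection to a Pod in dst_ns."""
    dst_pod_labels = dst_pod_labels or {}
    selecting = [
        p for p in policies
        if p["namespace"] == dst_ns
        and "Ingress" in p.get("policyTypes", ["Ingress"])
        and labels_match(p["podSelector"].get("matchLabels", {}), dst_pod_labels)
    ]
    if not selecting:
        return True  # no policy selects the Pod, so it is not isolated
    src_labels = namespaces.get(src_ns, {})
    for policy in selecting:
        for rule in policy.get("ingress", []):
            peers = rule.get("from")
            if not peers:
                return True  # a rule without "from" allows every source
            for peer in peers:
                sel = peer.get("namespaceSelector")
                if sel is not None and labels_match(sel.get("matchLabels", {}), src_labels):
                    return True
    return False  # isolated and no rule matched
```

Two results are worth noting: traffic between Pods inside data is denied as well, because data is labeled env=data, and any namespace that carries env=prod is allowed, so permission to label namespaces is part of this policy's trust boundary.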