CKAD Scenarios about Ingress and NetworkPolicy
In-Browser CKAD Scenarios about Ingress and NetworkPolicies
FREE CKAD Scenarios? YES!
(we also already have CKA and CKS ones)
killercoda.com/killer-shell-ckad
This week's scenarios
This week we added these scenarios:
Ingress
Kubernetes Ingress is a K8s Resource which manages external access into the cluster. There are various different Ingress Controllers, like Nginx or HAProxy.
If we install for example the Nginx Ingress Controller in our cluster and then create a new Ingress resource (for type Nginx), these things will be done automatically for us:
- The nginx config will be automatically generated based on what we say in the Ingress YAML
- One or more nginx pods (Nginx Ingress Controller pods) will be created, probably via a Deployment
- A Service pointing to the nginx pods will be created, probably type LoadBalancer
We could also do all these things above without any Ingress at all. But have you written a nginx config yourself once? Exactly! Using Ingress just makes things much easier.
I wrote a detailed article about Ingress if you like to understand more.
NetworkPolicy
In K8s, NetworkPolicies can be seen as the firewall rules of the cluster. Here we can say which pods are allowed to talk to which pods in which namespaces etc.
It’s a really good idea to read through the whole documentation to get things right, because little misconfigurations can cause big security issues!
For learning, you can use the amazing NetworkPolicy Editor at cilium.
Also important to note is that NetworkPolicies only work if the CNI used inside the cluster (like Weave or Calico) supports these. If you use a CNI that doesn’t support it, there will be no error shown during the creation of NPs, they just won’t do anything. In the CKAD exam, you can be sure that the CNI supports it.
What’s next?
We plan to create new CKAD challenges weekly and post here about it. Any topics you would like to see next? Let us know in the comments!