CKAD Exam Practice Exercise : Services and Networking

Services and Networking (13%)

Practice questions based on these concepts

  • Understand Services
  • Demonstrate a basic understanding of NetworkPolicies


Create an nginx pod with a yaml file with label my-nginx and expose the port 80

kubectl run nginx --image=nginx --restart=Never --port=80 --dry-run -o yaml > nginx.yaml

// edit the label app: my-nginx and create the pod
apiVersion: v1
kind: Pod
  creationTimestamp: null
    app: my-nginx
  name: nginx
  - image: nginx
    name: nginx
    - containerPort: 80
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}

kubectl create -f nginx.yaml

Create the service for this nginx pod with the pod selector app: my-nginx

// create the below service
apiVersion: v1
kind: Service
  name: my-service
    app: my-nginx
    - protocol: TCP
      port: 80
      targetPort: 9376

kubectl create -f nginx-svc.yaml

Find out the label of the pod and verify the service has the same label

// get the pod with labels
kubectl get po nginx --show-labels

// get the service and chekc the selector column
kubectl get svc my-service -o wide

Delete the service and create the service with kubectl expose command and verify the label

// delete the service
kubectl delete svc my-service

// create the service again
kubectl expose po nginx --port=80 --target-port=9376

// verify the label
kubectl get svc -l app=my-nginx

Delete the service and create the service again with type NodePort

// delete the service
kubectl delete svc nginx

// create service with expose command
kubectl expose po nginx --port=80 --type=NodePort

Create the temporary busybox pod and hit the service. Verify the service that it should return the nginx page index.html

// get the clusterIP from this command
kubectl get svc nginx -o wide

// create temporary busybox to check the nodeport
kubectl run busybox --image=busybox --restart=Never -it --rm -- wget -o- :80

Create a NetworkPolicy which denies all ingress traffic

kind: NetworkPolicy
  name: default-deny
  podSelector: {}
  - Ingress

