Practice & Assessment
Test your understanding of Networking: Services, DNS, and Ingress
Multiple Choice Questions
5A Service of type ClusterIP named 'auth-svc' is in the 'security' namespace. What DNS name would a Pod in the 'default' namespace use to reach it?
You apply a NetworkPolicy with `podSelector: {}` and `policyTypes: [Ingress]` but no ingress rules. What is the effect?
What is the NodePort range in Kubernetes?
Which Service type creates individual DNS entries for each Pod rather than a single virtual IP?
You have two services: frontend on port 80 and api on port 80. Both need to be reachable externally via the same IP. Which approach is most cost-effective?
Coding Challenges
1Multi-Service Ingress Setup
Deploy two Deployments in a namespace called 'ingress-lab': one running nginx:1.25 with a ClusterIP Service named 'web-svc' on port 80, and one running kennethreitz/httpbin with a ClusterIP Service named 'api-svc' on port 80. Configure an Ingress resource that routes traffic from path '/' to web-svc and from path '/api' to api-svc (with rewrite-target annotation). Install the nginx Ingress controller in kind. Test both routes with curl. Expected output: curl returns nginx response for '/' and httpbin JSON for '/api'. Time estimate: 30 minutes.
Mini Project
Secure Multi-Tier Application Network
Deploy a three-tier application: frontend (nginx), api (kennethreitz/httpbin), and a mock database tier (postgres:15 with dummy config). Create ClusterIP Services for each. Write NetworkPolicies implementing: (1) default-deny-all ingress in the namespace, (2) allow frontend to call api on port 80, (3) allow api to call database on port 5432, (4) deny frontend from directly calling database. Set up Ingress to expose only the frontend externally. Test your NetworkPolicies by attempting denied connections from a debug Pod. Document every policy rule with inline YAML comments explaining what it allows and why.