What is a ClusterIP Service?
The default Service type that provides an internal IP for use within the cluster.
What is a NodePort Service?
A service that exposes the app on a specific port on every Node’s IP.
What is an Ingress?
An API object that manages external access to services (usually HTTP) via a Load Balancer.
What is a NetworkPolicy?
A set of rules that control the traffic flow between pods (L3/L4).
What is the default behavior of NetworkPolicies?
If no policy exists, all traffic is allowed. Once one is applied, all other traffic is denied (isolating).
How do you label a pod to be targeted by a Service?
Use ‘selectors’ in the Service YAML that match the ‘labels’ on the Pod.
What is a ‘Headless’ service and how is it created?
A service that returns the IPs of individual pods instead of a single ClusterIP; created by setting ‘clusterIP: None’.
In a NetworkPolicy, how do you allow traffic only from a specific Namespace?
Use a ‘namespaceSelector’ that matches the labels of the target namespace.
How do you configure an Ingress to use a TLS certificate?
Reference a Secret containing ‘tls.crt’ and ‘tls.key’ in the ‘spec.tls’ section of the Ingress.
What is the ‘ExternalName’ service type used for?
To map a service to a DNS name (e.g. an external database) instead of a selector-based set of pods.
How do you allow a pod to communicate with the outside world while blocking all other ingress traffic?
Apply a NetworkPolicy with an empty ‘ingress’ rule (deny all) but a specific ‘egress’ rule.
Which component is responsible for updating the IPTables or IPVS rules on every node?
Kube-Proxy.
If a service is reachable by IP but not by its DNS name, which pod/deployment is likely failing?
CoreDNS (in the kube-system namespace).
What is the fully qualified domain name (FQDN) format for a service named ‘web’ in namespace ‘dev’?
web.dev.svc.cluster.local
How do you check if the Kube-Proxy is running in IPTables mode or IPVS mode?
Check the Kube-Proxy pod logs or the ConfigMap for ‘mode’.