Configure network connections for AKS

Practice Test

True/False: AKS stands for Azure Kubernetes Service.

• True
• False

Answer: True

Explanation: The acronym AKS stands for Azure Kubernetes Service, a fully managed service provided by Azure for deploying, scaling, and managing containerized applications.

Which of the following can be used to configure network connections for AKS?

• A. Azure portal
• B. Azure CLI
• C. Kubernetes CLI
• D. All of the above

Answer: D. All of the above

Explanation: Azure portal, Azure CLI, and Kubernetes CLI can all be used to configure network connections for AKS.

True/False: The service principle for AKS needs RBAC permissions to manage Azure Active Directory resources.

• True
• False

Answer: False

Explanation: The service principle for AKS manages Azure resources, not Azure Active Directory resources.

Which network model does AKS use by default?

• A. Azure VNet
• B. Kubenet
• C. Docker Network

Answer: B. Kubenet

Explanation: By default, AKS uses Kubenet. Kubenet is a very basic, simple network plugin, on Linux only. It does not, of itself, implement more advanced features like cross-node networking or network policy.

True/False: You can change the network configuration after the AKS cluster has been created.

• True
• False

Answer: False

Explanation: After you create an AKS cluster, you can’t change its network configuration.

Which command can be used to create an AKS cluster with Azure CLI?

• A. az aks create
• B. az aks configure
• C. az network create

Answer: A. az aks create

Explanation: The command ‘az aks create’ is used to create a new AKS cluster.

What is Azure CNI?

• A. A tool for managing Azure resources.
• B. An Azure networking solution.
• C. A tool for managing Kubernetes clusters.

Answer: B. An Azure networking solution.

Explanation: Azure CNI (Container Network Interface) is an Azure networking solution for Kubernetes which allows nodes to have direct connectivity to network resources.

True/False: Azure CNI enables containers to have same IP address as nodes.

• True
• False

Answer: False

Explanation: Azure CNI assigns an IP address from the subnet and it makes it possible for containers to reach other network-connected resources, but they do not share same IP address as nodes.

True/False: AKS supports network policies for finer-grained control over inbound and outbound traffic.

• True
• False

Answer: True

Explanation: In AKS, you can use Kubernetes native network policies or use network policies with Azure’s own implementation of network policies to control the flow of traffic.

Which of the following is used to manage versioning in AKS?

• A. Azure CLI
• B. Azure portal
• C. Azure Resource Manager
• D. Kubernetes Master

Answer: D. Kubernetes Master

Explanation: The version of Kubernetes is managed by the master and maintained through regular updates that are managed by AKS.

Interview Questions

What is Azure Kubernetes Service (AKS) network connection?

Azure Kubernetes Service (AKS) network connection provides networking capabilities for the AKS cluster. It makes it possible for the cluster to communicate both with other resources within your Azure environment and with the outside world.

What are the two models used in AKS network configuration?

The two models used in AKS network configuration are Kubenet (network plugin in Kubernetes) and Azure Container Networking Interface (CNI).

What is the Kubenet networking model in AKS?

In the Kubenet networking model, every Pod gets an IP in a virtual network subnet and the AKS cluster does not need to integrate with the virtual network.

What is Azure Container Networking Interface (CNI) in AKS?

In Azure CNI, every Pod gets an IP from the subnet and can be accessed directly. These IP addresses must be unique across your network space, and must be planned in advance.

What is the role of Azure CNI?

Azure CNI allows every Pod in the AKS cluster to have an IP in the Virtual Network. It gives Pods full network connectivity across virtual networks and on-premises networks, and connectivity to Azure services.

How to secure the AKS cluster at the networking level?

Network policies can be used to secure the AKS cluster at the networking level. These policies define rules about which Pods can communicate with each other and other network endpoints.

What is Azure Network Policy?

Azure Network Policy is a container network policy provider in Azure. With Azure Network Policy, you can govern the communication between Pods within the same AKS cluster.

How do service endpoints help in protecting your AKS network?

Azure service endpoints allow you to secure access to Azure resources from your AKS cluster. They extend your virtual network private address space to Azure services.

What are network policies in AKS networking?

Network policies are Kubernetes resources that use labels to select pods and define rules that specify what traffic is allowed to the selected pods.

How can you enable Azure Network Policy in an AKS cluster?

Azure Network Policy can be enabled while creating an AKS cluster, or it can be updated in existing clusters. This can be achieved using Azure portal, Azure CLI or Azure Resource Manager templates.

What is ingress controller in AKS?

Ingress controller in AKS is a function that routes incoming network traffic and distributes it to various services within the cluster. This provides AKS with HTTP, HTTPS, or other types of routing capabilities.

How to choose between Kubenet and Azure CNI plugins for AKS network configuration?

The choice between Kubenet and Azure CNI plugins depends on the requirements. If you need higher performance, large CIDR ranges, or integration with on-prem networks, Azure CNI is the best choice. For simpler, self-contained networks where performance is not a high priority, Kubenet would be a better option.

Can I change the networking plugin after creating the AKS cluster?

No, the choice of network plugin is made when the AKS cluster is created and cannot be changed afterwards.

How can we restrict egress traffic from an AKS cluster?

Egress traffic from an AKS cluster can be restricted by creating outbound type rules in the Network Security Group (NSG).

How can we work with Azure Private Link for AKS?

Azure Private Link for AKS enables users to access AKS over a private network connection. It allows users to interact with the Kubernetes API server over a secure, authorized network connection.