How does the Container Network Interface (CNI) relate to Network Policies in Kubernetes?

Study for the Kubernetes Certified Network Administrator Exam. Our test offers comprehensive flashcards, multiple-choice questions, and detailed explanations. Be confident for your exam!

Multiple Choice

How does the Container Network Interface (CNI) relate to Network Policies in Kubernetes?

Explanation:
The key idea is that Network Policies describe what traffic is allowed, but the actual enforcement happens through the CNI plugin. When you create a policy, Kubernetes stores the policy object, but it’s the CNI-enabled network plugin on each node that translates that policy into concrete firewall rules (such as iptables, nftables, or eBPF) to permit or deny traffic between pods. If the CNI plugin doesn’t support policy enforcement, those policies won’t be enforced. The kubelet doesn’t enforce policies, and while policy objects are stored in etcd, enforcement is handled by the CNI.
