HomeCKS practice tasks › Configure Cilium Network Policy with Mutual Authentication
CKS · Cluster Hardening

Configure Cilium Network Policy with Mutual Authentication

Cilium is installed in the cluster.

Solve this on a real cluster — free → All CKS tasks
🗓️ Free Task of the Week: one CKS task is unlocked free for everyone every week — no card, real cluster, auto-graded (2 tries/week). Create a free account and check whether this one is live now.

The task

Task

Cilium is installed in the cluster.

Requirements

  1. Create a CiliumNetworkPolicy that allows Pods in namespace client-ns to access the target Deployment Pods in namespace app-ns
  2. Require mutual authentication for that traffic
  3. Allow host access to specific Pods without mutual authentication

Verify that namespace-to-Deployment traffic is allowed with mutual authentication, and host access works without mutual authentication.

Exam
CKS
Domain
Cluster Hardening
Grading
Programmatic · partial credit
Reference
Kubernetes docs ↗

What this tests

Restrict RBAC and service accounts, tighten API server flags, and keep the cluster patched. On the CKS exam, Cluster Hardening tasks are graded purely on what you build in the cluster — not multiple choice — so the only way to get faster is to do them on a real cluster against a clock.

Practice it for real

prepium.sh drops you into your own isolated Kubernetes cluster in the browser — no install, no credit card. You solve the task in a real terminal, hit validate, and a programmatic checker scores exactly what you got right and wrong (with partial credit). The canonical solution unlocks after you attempt it, so you learn the fast, exam-ready way to do it.

Start free → CKS overview

Related CKS tasks

Create a TLS Secret Create a Restrictive NetworkPolicy Expose HTTPS Through Ingress with TLS Termination