Google Arcade Lab: How to Use a Network Policy on Google Kubernetes Engine

Hi Community,

I’m currently working on the lab “How to Use a Network Policy on Google Kubernetes Engine,” but I’m stuck on Task 3 and Task 6. Despite multiple attempts and restarting the lab, the progress check fails to validate these specific tasks.

Has anyone else experienced this recently? I would appreciate any advice or workarounds to get these tasks marked as complete.

Hi @RameshGJ, make sure you enabled network policy on the GKE cluster at creation time using --enable-network-policy, because it cannot be added later without recreating the cluster. Verify that the NetworkPolicy resource is created in the correct namespace and matches the pod labels exactly, check that the pods are running and selected by the policy with kubectl get pods --show-labels, and confirm that the connectivity test behaves as expected before running the progress check. If it still fails, wait a few minutes before re-running the check, since validation can lag.
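
The label and namespace check from the reply above, as an added example that is not part of the original thread or the lab's own code: it evaluates each NetworkPolicy's podSelector against pod labels the way Kubernetes does and shows which policies select no pods. The policy names, pod names and labels are constructed sample data; on a real cluster the same fields come from `kubectl get networkpolicy -A -o json` and `kubectl get pods -A -o json`.

```python
# Constructed sample objects, trimmed to the fields present in
# `kubectl get networkpolicy -A -o json` and `kubectl get pods -A -o json`.
POLICIES = [
    {"metadata": {"name": "allow-hello", "namespace": "default"},
     "spec": {"podSelector": {"matchLabels": {"app": "hello-server"}}}},
    {"metadata": {"name": "label-typo", "namespace": "default"},
     "spec": {"podSelector": {"matchLabels": {"app": "hello_server"}}}},
    {"metadata": {"name": "wrong-namespace", "namespace": "staging"},
     "spec": {"podSelector": {"matchLabels": {"app": "hello-server"}}}},
]
PODS = [
    {"metadata": {"name": "hello-server-1", "namespace": "default",
                  "labels": {"app": "hello-server"}}},
    {"metadata": {"name": "hello-client-1", "namespace": "default",
                  "labels": {"app": "hello-client"}}},
]


def selector_matches(selector, labels):
    """LabelSelector semantics: every term must hold; {} matches all pods."""
    def expr_ok(e):
        value, allowed = labels.get(e["key"]), e.get("values") or []
        return {"In": value in allowed, "NotIn": value not in allowed,
                "Exists": e["key"] in labels,
                "DoesNotExist": e["key"] not in labels}[e["operator"]]
    wanted = selector.get("matchLabels") or {}
    return (all(labels.get(k) == v for k, v in wanted.items())
            and all(expr_ok(e) for e in selector.get("matchExpressions") or []))


def selected_pods(policy, pods):
    """A NetworkPolicy only selects pods in its own namespace."""
    ns = policy["metadata"]["namespace"]
    selector = policy["spec"].get("podSelector") or {}
    return [p["metadata"]["name"] for p in pods
            if p["metadata"].get("namespace") == ns
            and selector_matches(selector, p["metadata"].get("labels") or {})]


def audit(policies, pods):
    """Map each policy's namespace/name to the pod names it selects."""
    return {f'{p["metadata"]["namespace"]}/{p["metadata"]["name"]}':
            selected_pods(p, pods) for p in policies}


if __name__ == "__main__":
    for name, hits in audit(POLICIES, PODS).items():
        print(name, "->", hits or "NO PODS SELECTED")
```

A policy that selects no pods is accepted by the API server without error, so an empty result here is the signal to compare the selector against `kubectl get pods --show-labels`.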

Everything has been done accordingly, but I am still not getting scores for task 2 (3) and task 3 (6).

@ayan_7926 Finally found the way and was able to complete the Lab.

Hi, how did you overcome this issue? Even I am facing the same issue.

@Nirmalkumar6112 Give me 2 days and I will upload the way to finish the lab.

Hi Ramesh,

Thanks for the heads-up. Please take your time with the upload; there’s no urgency on my end. Looking forward to your instructions when you’re ready.

Thank you,
Emerson

@Emerson_Severo, @Nirmalkumar6112 I have uploaded the video of how to complete the lab: https://www.youtube.com/watch?v=kZGQGT4Pj6k. If you are still facing issues after following the steps, do let me know and I will try to help you out.

@ayan_7926 I have uploaded the video for the solution: https://www.youtube.com/watch?v=kZGQGT4Pj6k. Try it and let me know if you are still facing issues.

Thank you so much for the video, @RameshGJ.
Even though I followed the same steps, I am still stuck.

@Nirmalkumar6112 Did you run make tf-destroy before running the other commands? Once the tf-destroy completes, can you manually check that the instance, cluster and firewall rules are deleted before continuing to create the instances manually?

Yes, I did, and I cross-checked the deletions. These were the commands used, as per yours:

make tf-destroy
gcloud compute instances delete gke-demo-bastion --zone=us-central1-a --quiet
gcloud compute firewall-rules delete bastion-ssh --quiet
gcloud compute networks subnets delete kube-net-subnet --region=us-central1 --quiet
gcloud compute networks delete kube-net --quiet
gcloud config set project PROJECT_ID
gcloud compute networks create kube-net --subnet-mode=custom

gcloud compute networks subnets create kube-net-subnet \
  --network=kube-net \
  --region=us-central1 \
  --range=10.0.96.0/22 \
  --secondary-range=secondary-range=10.0.92.0/22

gcloud compute firewall-rules create bastion-ssh \
  --network=kube-net \
  --direction=INGRESS \
  --priority=1000 \
  --action=ALLOW \
  --rules=tcp:22 \
  --source-ranges=0.0.0.0/0 \
  --target-tags=bastion

gcloud compute instances create gke-demo-bastion \
  --zone=us-central1-a \
  --machine-type=g1-small \
  --network-interface=subnet=kube-net-subnet,address="" \
  --metadata=startup-script='sudo apt-get update -y && sudo apt-get install -y kubectl' \
  --scopes=https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/compute.readonly,https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/cloud-platform \
  --tags=bastion \
  --image-family=debian-11 \
  --image-project=debian-cloud

gcloud container clusters create gke-demo-cluster \
  --zone=us-central1-a \
  --machine-type=n1-standard-1 \
  --image-type=COS_CONTAINERD \
  --num-nodes=3 \
  --network=kube-net \
  --subnetwork=kube-net-subnet \
  --cluster-secondary-range-name=secondary-range \
  --enable-ip-alias \
  --enable-private-nodes \
  --master-ipv4-cidr=10.0.90.0/28 \
  --enable-master-authorized-networks

BASTION_IP=$(gcloud compute instances describe gke-demo-bastion \
  --zone=us-central1-a \
  --format='get(networkInterfaces[0].accessConfigs[0].natIP)')

gcloud container clusters update gke-demo-cluster \
  --zone=us-central1-a \
  --enable-master-authorized-networks \
  --master-authorized-networks=${BASTION_IP}/32

gcloud compute scp --recurse ./manifests gke-demo-bastion:~/ --zone=us-central1-a

gcloud compute ssh gke-demo-bastion --zone=us-central1-a

The rest of the commands were used as mentioned in the lab…

I have also reached out to the support team.

Thanks for that info, Nirmal. Not sure if there is any specific issue with the zone and region; I tried with 2 different zones and region and it worked. I will try to check the lab again with the zone and region you have tried and will keep you posted on the same.