What is the most likely reason the NetworkPolicy is not taking effect?
GKE with Calico expects Calico-specific CRDs for full functionality.
Why this answer
The NetworkPolicy is not taking effect because the developer used the standard Kubernetes API version `networking.k8s.io/v1`, which defines a different schema and behavior than the Calico CRD `projectcalico.org/v3`. Calico NetworkPolicies support advanced features like order-of-precedence, global policies, and non-IP match criteria that are not available in the native Kubernetes NetworkPolicy API. When a Calico-specific policy is defined using the wrong API version, the cluster's policy engine (Calico) ignores it, resulting in no enforcement.
Exam trap
Google Cloud often tests the distinction between native Kubernetes NetworkPolicies and CNI-specific CRDs (like Calico), trapping candidates who assume all NetworkPolicies use the same API version and ignore the need to match the policy engine's schema.
How to eliminate wrong answers
Option B is wrong because global network policies in Calico (or Kubernetes) do not override per-namespace policies; instead, they are evaluated with a specific precedence order, and a correctly defined per-namespace policy would still take effect unless explicitly denied by a higher-priority global policy. Option C is wrong because label matching in Kubernetes is case-sensitive, but a capitalization mismatch would cause the policy to not match pods, not prevent the policy from being recognized or taking effect at all; the question asks for the most likely reason the policy is not taking effect, and the API version mismatch is a more fundamental issue. Option D is wrong because a NetworkPolicy can use `spec.podSelector` without `matchLabels` (e.g., using `matchExpressions`), and omitting `matchLabels` entirely is valid if the selector is empty (matches all pods); the absence of `matchLabels` does not prevent the policy from taking effect.