Practice Linux Foundation CKS Exam Questions

SIMULATION Create a new ServiceAccount named backend - sa in the existing namespace default, which has the capability to list the pods inside the namespace default. Create a new Pod named backend - pod in the namespace default, mount the newly created sa backend - sa to the pod, and Verify that the pod is able to list pods. Ensure that the Pod is running.

SIMULATION  Fix all issues via configuration and restart the affected components to ensure the new setting takes effect.  Fix all of the following violations that were found against the API server: -          a. Ensure the - - authorization - mode argument includes RBAC   b. Ensure the - - authorization - mode argument includes Node   c. Ensure that the - - profiling argument is set to false Fix all of the following violations that were found against the Kubelet: -       a. Ensure the - - anonymous - auth argument is set to false.  b. Ensure that the - - authorization - mode argument is set to Webhook. Fix all of the following violations that were found against the ETCD: -       a. Ensure that the - - auto - tls argument is not set to true     Hint: Take the use of Tool Kube - Bench

SIMULATION Create a PSP that will prevent the creation of privileged pods in the namespace. Create a new PodSecurityPolicy named prevent - privileged - policy which prevents the creation of privileged pods. Create a new ServiceAccount named psp - sa in the namespace default. Create a new ClusterRole named prevent - role, which uses the newly created Pod Security Policy prevent - privileged - policy. Create a new ClusterRoleBinding named prevent - role - binding, which binds the created ClusterRole prevent - role to the created SA psp - sa. Also, Check the Configuration is working or not by trying to Create a  Privileged pod, it should get failed.