SIMULATION
Create a new ServiceAccount named backend-sa in the existing namespace default, which has the
capability to list the pods inside the namespace default.
Create a new Pod named backend-pod in the namespace default, mount the newly created SA
backend-sa to the pod, and verify that the pod is able to list pods.
Ensure that the Pod is running.
Question No 2
SIMULATION
Fix all issues via configuration and restart the affected components to ensure the new setting takes
effect.
Fix all of the following violations that were found against the API server:
a. Ensure the --authorization-mode argument includes RBAC.
b. Ensure the --authorization-mode argument includes Node.
c. Ensure that the --profiling argument is set to false.
Fix all of the following violations that were found against the Kubelet:
a. Ensure the --anonymous-auth argument is set to false.
b. Ensure that the --authorization-mode argument is set to Webhook.
Fix all of the following violations that were found against the ETCD:
a. Ensure that the --auto-tls argument is not set to true.
Hint: Use the tool kube-bench.
Question No 3
SIMULATION
Create a PSP that will prevent the creation of privileged pods in the namespace.
Create a new PodSecurityPolicy named prevent-privileged-policy which prevents the creation of
privileged pods.
Create a new ServiceAccount named psp-sa in the namespace default.
Create a new ClusterRole named prevent-role, which uses the newly created Pod Security Policy
prevent-privileged-policy.
Create a new ClusterRoleBinding named prevent-role-binding, which binds the created ClusterRole
prevent-role to the created SA psp-sa.
Also, check whether the configuration is working by trying to create a privileged pod; it should
fail.