
Practice Test - Security Contexts

 

 

[Practice Test]

 

ㅁ What user is used to execute the sleep process within the 'ubuntu-sleeper' pod in the current (default) namespace?

 

kubectl exec ubuntu-sleeper -- whoami

 

ㅁ Edit the pod 'ubuntu-sleeper' to run the sleep process with user ID 1010.

Note: Only make the necessary changes. Do not modify the name or image of the pod.

 

Add the following:

securityContext:
  runAsUser: 1010

apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper
  namespace: default
spec:
  securityContext:
    runAsUser: 1010
  containers:
  - command:
    - sleep
    - "4800"
    image: ubuntu
    name: ubuntu-sleeper

 

ㅁ A Pod definition file named 'multi-pod.yaml' is given. With what user are the processes in the 'web' container started?

(The pod is created with multiple containers and security contexts defined at the POD and Container level.)

 

multi-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: multi-pod
spec:
  securityContext:
    runAsUser: 1001
  containers:
  - image: ubuntu
    name: web
    command: ["sleep", "5000"]
    securityContext:
      runAsUser: 1002
  - image: ubuntu
    name: sidecar
    command: ["sleep", "5000"]

 

[User ID: 1002]

 

ㅁ With what user are the processes in the 'sidecar' container started?

The pod is created with multiple containers and security contexts defined at the POD and Container level.

 

[User ID: 1001]

 

ㅁ Try to run the below command in the pod 'ubuntu-sleeper' to set the date. Are you allowed to set date on the POD?

kubectl exec -it ubuntu-sleeper -- date -s '19 APR 2012 11:14:00'
date: invalid date '19 APR 2012 11:!4:00'
command terminated with exit code 1

 

ㅁ Update pod 'ubuntu-sleeper' to run as Root user and with the 'SYS_TIME' capability.

- Pod Name: ubuntu-sleeper

- Image Name: ubuntu

- SecurityContext: Capability SYS_TIME

 

apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper
spec:
  containers:
  - command:
    - sleep
    - "4800"
    image: ubuntu
    name: ubuntu-sleeper
    securityContext:
      capabilities:
        add: ["SYS_TIME"]
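The precedence tested in the questions above (a container-level runAsUser overrides the pod-level one, and capabilities are set per container) can be checked across many pods at once. The script below is an added example, not part of the original post; the function names are hypothetical, the embedded JSON is constructed from the two manifests on this page in the shape `kubectl get pods -o json` returns, and initContainers are not covered.

```python
import json

# Constructed input: the page's multi-pod.yaml plus its SYS_TIME pod,
# in the JSON shape that `kubectl get pods -o json` returns.
PODS_JSON = """
{"items": [
  {"metadata": {"name": "multi-pod"},
   "spec": {"securityContext": {"runAsUser": 1001},
            "containers": [
              {"name": "web", "securityContext": {"runAsUser": 1002}},
              {"name": "sidecar"}]}},
  {"metadata": {"name": "ubuntu-sleeper"},
   "spec": {"containers": [
              {"name": "ubuntu-sleeper",
               "securityContext": {"capabilities": {"add": ["SYS_TIME"]}}}]}}
]}
"""

def effective_contexts(pod_list):
    """Return one record per container with the settings that actually apply."""
    rows = []
    for pod in pod_list["items"]:
        pod_sc = pod["spec"].get("securityContext") or {}
        for c in pod["spec"]["containers"]:
            c_sc = c.get("securityContext") or {}
            # Container-level runAsUser wins; otherwise the pod-level value
            # applies; None means the image's own USER (root for ubuntu).
            uid = c_sc.get("runAsUser", pod_sc.get("runAsUser"))
            # Capabilities exist only at container level, never at pod level.
            caps = (c_sc.get("capabilities") or {}).get("add", [])
            non_root = c_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
            rows.append({
                "pod": pod["metadata"]["name"],
                "container": c["name"],
                "runAsUser": uid,
                "added_caps": caps,
                # Root is possible when UID is 0, or unset with no runAsNonRoot guard.
                "may_run_as_root": uid == 0 or (uid is None and not non_root),
            })
    return rows

def review_list(rows):
    """Containers worth a second look: possible root or extra capabilities."""
    return [r for r in rows if r["may_run_as_root"] or r["added_caps"]]

if __name__ == "__main__":
    for r in effective_contexts(json.loads(PODS_JSON)):
        print(r)
```

Against a live cluster, the same functions accept the parsed output of `kubectl get pods -o json`.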

 
