CKA & CKAD/Security

(15)
Explanation of the kube-apiserver/etcd-controlplane CA journalctl -u etcd.service kubectl logs etcd-master [kube-apiserver.yaml] - command: - kube-apiserver - --advertise-address=172.17.0.10 - --client-ca-file=/etc/kubernetes/pki/ca.crt - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key - --etcd-servers=https://127.0.0.1:2379 -..
Network Policy
Practice Test - Security Contexts [Practice Test] ㅁ What is the user used to execute the sleep process within the 'ubuntu-sleeper' pod in the current (default) namespace? kubectl exec ubuntu-sleeper -- whoami ㅁ Edit the pod 'ubuntu-sleeper' to run the sleep process with user ID 1010. Note: Only make the necessary changes. Do not modify the name or image of the pod. Add securityContext: runAsUser: 1010 apiVersion: v1 kind: Pod metad..
Practice Test - Securing Image nginx-pod.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod spec: containers: - name: nginx image: nginx Private Repository $ docker login private-registry.io $ docker run private-registry.io/appsinternal-app nginx-pod.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod spec: containers: - name: nginx image: private-registry.io/appsinternal-app How do you pass the credentials to the do..
Cluster Roles kubectl api-resources --namespaced=true kubectl api-resources --namespaced=false [Practice Test] ㅁ How many ClusterRoles do you see defined in the cluster? kubectl get ClusterRoles --no-headers | wc -l ㅁ How many ClusterRoleBindings exist on the cluster? kubectl get ClusterRoleBindings --no-headers | wc -l ㅁ What namespaces is the cluster-admin clusterrole part of? kubectl describe ClusterRole clu..
RBAC (Role Based Access Controls) and Practice Test developer-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: developer rules: - apiGroups: [""] resources: ["pods"] verbs: ["list", "get", "create", "update", "delete"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] kubectl create -f developer-role.yaml devuser-developer-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: nam..
Authorization Attribute Based Access Control Role Based Access Control
API Groups Access the API server at the master node's address, followed by the port, which is 6443 by default, and the API version: curl https://kube-master:6443/version Similarly, to get the list of pods, you would access the URL api/v1/pods. The Kubernetes APIs are categorized into two groups: the core group and the named groups. Kubernetes API reference: https://kubernetes.io/docs/reference/generate..