Pods being configured to be privileged in any way must be treated as potentially not stateless or not immutable.

Pods being configured to be privileged in any way must be treated as potentially not stateless or not immutable.

View Answer

Answer: k get pods -n prodk get pod <pod-name> -n prod -o yaml | grep -E ‘privileged|ReadOnlyRootFileSystem’Delete the pods which do have any of these 2 propertiesprivileged:true or ReadOnlyRootFileSystem: false

[desk@cli]$ k get pods -n prod

NAME READY STATUS RESTARTS AGE

cms 1/1 Running 0 68m

db 1/1 Running 0 4m

nginx 1/1 Running 0 23m

[desk@cli]$ k get pod nginx -n prod -o yaml | grep -E ‘privileged|RootFileSystem’ {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"creationTimestamp":null,"label s":{"run":"nginx"},"name":"nginx","namespace":"prod"},"spec":{"containers":[{"image":"nginx ","name":"nginx","resources":{},"securityContext":{"privileged":true }}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always"},"status":{}}f:privileged: {}privileged:

true

[desk@cli]$ k delete pod nginx -n prod

[desk@cli]$ k get pod db -n prod -o yaml | grep -E ‘privileged|RootFilesystem’

[desk@cli]$ k get pod cms -n prod -o yaml | grep -E ‘privileged|RootFilesystem’