Does not allow access from Pods, not in namespace staging.
Answer:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: network-policy
spec:
  podSelector: {} # selects all the pods in the namespace deployed
  policyTypes:
  - Ingress
  ingress:
  - ports: # in input traffic allowed only through 80 port only
    - protocol: TCP
      port: 80
CORRECT TEXT
a. Retrieve the content of the existing secret named default-token-xxxxx in the testing namespace. Store the value of the token in the token.txt
b. Create a new secret named test-db-secret in the DB namespace with the following content:
username: mysql
password: password@123
Create the Pod name test-db-pod of...
CORRECT TEXT Create a PSP that will only allow the persistentvolumeclaim as the volume type in the namespace restricted. Create a new PodSecurityPolicy named prevent-volume-policy which prevents pods that mount any volume type other than persistentvolumeclaim. Create a new ServiceAccount named psp-sa in the namespace restricted. Create a...
CORRECT TEXT Create a new NetworkPolicy named deny-all in the namespace testing which denies all ingress and egress traffic.
Answer: You can create a "default" isolation policy for a namespace by creating a NetworkPolicy that selects all pods but does not allow any ingress traffic to those...
CORRECT TEXT Fix all issues via configuration and restart the affected components to ensure the new setting takes effect. Fix all of the following violations that were found against the API server:
a. Ensure the --authorization-mode argument includes RBAC
b. Ensure the --authorization-mode argument includes Node
c....
CORRECT TEXT On the Cluster worker node, enforce the prepared AppArmor profile
#include <tunables/global>
profile nginx-deny flags=(attach_disconnected) {
  #include <abstractions/base>
  file,
  # Deny all file writes.
  deny /** w,
}
EOF'
Edit the prepared manifest file to include the AppArmor profile.
apiVersion: v1
...
 
	