Linux Foundation Exam CKS Topic 1 Question 27 Discussion

Actual exam question for Linux Foundation's Certified Kubernetes Security Specialist exam

Question #: 27
Topic #: 1

[All Certified Kubernetes Security Specialist Questions]

You must complete this task on the following cluster/nodes:

Cluster:apparmor

Master node:master

Worker node:worker1

You can switch the cluster/configuration context using the following command:

[desk@cli] $kubectl config use-context apparmor

Given: AppArmor is enabled on the worker1 node.

Task:

On the worker1 node,

1. Enforce the prepared AppArmor profile located at:/etc/apparmor.d/nginx

2. Edit the prepared manifest file located at/home/cert_masters/nginx.yamlto apply the apparmor profile

3. Create the Pod using this manifest

AExplanation:
[desk@cli] $ssh worker1
[worker1@cli] $apparmor_parser -q /etc/apparmor.d/nginx
[worker1@cli] $aa-status | grep nginx
nginx-profile-1
[worker1@cli] $logout
[desk@cli] $vim nginx-deploy.yaml
Add these lines under metadata:
annotations: # Add this line
container.apparmor.security.beta.kubernetes.io/<container-name>: localhost/nginx-profile-1
[desk@cli] $kubectl apply -f nginx-deploy.yaml
Explanation
[desk@cli] $ssh worker1
[worker1@cli] $apparmor_parser -q /etc/apparmor.d/nginx
[worker1@cli] $aa-status | grep nginx
nginx-profile-1
[worker1@cli] $logout
[desk@cli] $vim nginx-deploy.yaml

[desk@cli] $kubectl apply -f nginx-deploy.yaml
pod/nginx-deploy created

Reference:https://kubernetes.io/docs/tutorials/clusters/apparmor/
pod/nginx-deploy created
[desk@cli] $kubectl apply -f nginx-deploy.yaml
pod/nginx-deploy created

Reference:https://kubernetes.io/docs/tutorials/clusters/apparmor/

Show Suggested Answer

Suggested Answer: A

by Kenneth at Jul 22, 2022, 03:00 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!