Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation Exam CKS Topic 4 Question 74 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 74
Topic #: 4
[All CKS Questions]

Create a PSP that will only allow the persistentvolumeclaim as the volume type in the namespace restricted.

Create a new PodSecurityPolicy named prevent-volume-policy which prevents the pods which is having different volumes mount apart from persistentvolumeclaim.

Create a new ServiceAccount named psp-sa in the namespace restricted.

Create a new ClusterRole named psp-role, which uses the newly created Pod Security Policy prevent-volume-policy

Create a new ClusterRoleBinding named psp-role-binding, which binds the created ClusterRole psp-role to the created SA psp-sa.

Hint:

Also, Check the Configuration is working or not by trying to Mount a Secret in the pod maifest, it should get failed.

POD Manifest:

apiVersion: v1

kind: Pod

metadata:

name:

spec:

containers:

- name:

image:

volumeMounts:

- name:

mountPath:

volumes:

- name:

secret:

secretName:

Show Suggested Answer Hide Answer
Suggested Answer: A

by Fanny at Feb 09, 2025, 06:04 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Tricia
24 days ago
I bet the secret volume type will still try to sneak in, like a secret agent in a spy movie. Gotta watch out for that!
upvoted 0 times
Major
22 hours ago
User 1: I set up the PodSecurityPolicy to only allow persistentvolumeclaim as the volume type.
upvoted 0 times
...
...
Timothy
26 days ago
Wait, so I have to create a whole new ServiceAccount, ClusterRole, and ClusterRoleBinding just to restrict the volume type? Seems a bit overkill, but I'll give it a shot.
upvoted 0 times
...
Lorenza
28 days ago
Hold on, does this mean I can't use any other volume types besides persistentVolumeClaim? That could be tricky for some of my applications.
upvoted 0 times
Diane
15 days ago
Yes, that's correct. The PodSecurityPolicy you created only allows the use of persistentVolumeClaim as the volume type in the restricted namespace.
upvoted 0 times
...
...
Janet
1 months ago
Hmm, creating a PodSecurityPolicy to restrict the volume type seems like a good approach. Let me review the details carefully.
upvoted 0 times
Cherri
24 hours ago
Yes, and it should prevent pods from using volumes other than persistentvolumeclaim.
upvoted 0 times
...
Hillary
22 days ago
I think we need to create a new PodSecurityPolicy named prevent-volume-policy.
upvoted 0 times
...
...
Ruthann
2 months ago
The question is clear and the steps are well-defined. I think I can handle this.
upvoted 0 times
Vincent
19 days ago
After that, I will create the ServiceAccount named psp-sa in the restricted namespace.
upvoted 0 times
...
Trinidad
20 days ago
I will start by creating the PodSecurityPolicy named prevent-volume-policy.
upvoted 0 times
...
...
Jenifer
2 months ago
I think we should focus on creating the PodSecurityPolicy first.
upvoted 0 times
...
Van
2 months ago
I agree, we need to carefully follow the instructions.
upvoted 0 times
...
Yuki
2 months ago
This question seems tricky.
upvoted 0 times
...

Save Cancel