Fix all issues via configuration and restart the affected components to ensure the new settings take effect.
Fix all of the following violations that were found against the API server:
a. Ensure the --authorization-mode argument includes RBAC
b. Ensure the --authorization-mode argument includes Node
c. Ensure that the --profiling argument is set to false
Fix all of the following violations that were found against the Kubelet:
a. Ensure the --anonymous-auth argument is set to false.
b. Ensure that the --authorization-mode argument is set to Webhook.
Fix all of the following violations that were found against the ETCD:
a. Ensure that the --auto-tls argument is not set to true
Hint: Use the kube-bench tool.
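A hand check for the flags listed above, as an added example that is not part of the original page or of kube-bench. The function names and sample inputs are constructed for illustration, and only command-line arguments are examined, so settings made in a kubelet configuration file are not seen.

```shell
#!/bin/sh
# Added example: checks component arguments for the flags named in the task.

# flag_value TEXT FLAG: print the value of --FLAG=VALUE found in TEXT
# (a static pod manifest or a kubelet args line); empty when absent.
# If the flag is repeated, the last occurrence is reported.
flag_value() {
  printf '%s\n' "$1" | tr ' \t"' '\n\n\n' | sed -n "s/^--$2=//p" | tail -n 1
}

# has_mode CSV MODE: succeed when MODE is one entry of the comma-separated list.
has_mode() {
  case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

audit_apiserver() {
  modes=$(flag_value "$1" authorization-mode); out=""
  has_mode "$modes" RBAC || out="$out missing-RBAC"
  has_mode "$modes" Node || out="$out missing-Node"
  # --profiling defaults to true, so an absent flag is also a finding.
  [ "$(flag_value "$1" profiling)" = "false" ] || out="$out profiling-on"
  echo "${out# }"
}

audit_kubelet() {
  out=""
  [ "$(flag_value "$1" anonymous-auth)" = "false" ] || out="$out anonymous-auth-on"
  [ "$(flag_value "$1" authorization-mode)" = "Webhook" ] || out="$out authz-not-Webhook"
  echo "${out# }"
}

audit_etcd() {
  # Only an explicit --auto-tls=true is a finding; the flag defaults to false.
  if [ "$(flag_value "$1" auto-tls)" = "true" ]; then echo "auto-tls-on"; else echo ""; fi
}

# Constructed sample inputs (not taken from a real cluster).
SAMPLE_APISERVER='    - kube-apiserver
    - --authorization-mode=AlwaysAllow
    - --profiling=true'
SAMPLE_KUBELET='KUBELET_ARGS="--anonymous-auth=true --authorization-mode=AlwaysAllow"'
SAMPLE_ETCD='    - etcd
    - --auto-tls=true'

echo "apiserver: $(audit_apiserver "$SAMPLE_APISERVER")"
echo "kubelet:   $(audit_kubelet "$SAMPLE_KUBELET")"
echo "etcd:      $(audit_etcd "$SAMPLE_ETCD")"
```

Each audit function prints nothing when its component passes, so the same functions can be rerun after the fix and restart to confirm the change.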
A container image scanner is set up on the cluster.
Given an incomplete configuration in the directory
/etc/kubernetes/confcontrol and a functional container image scanner with HTTPS endpoint https://test-server.local.8081/image_policy
1. Enable the admission plugin.
2. Validate the control configuration and change it to implicit deny.
Finally, test the configuration by deploying a pod whose image uses the latest tag.
Create a new ServiceAccount named backend-sa in the existing namespace default, which has the capability to list the pods inside the namespace default.
Create a new Pod named backend-pod in the namespace default, mount the newly created ServiceAccount backend-sa to the pod, and verify that the pod is able to list pods.
Ensure that the Pod is running.
You must complete this task on the following cluster/nodes:
Cluster: trace
Master node: master
Worker node: worker1
You can switch the cluster/configuration context using the following command:
[desk@cli] $ kubectl config use-context trace
Given: You may use Sysdig or Falco documentation.
Task: Use detection tools to detect anomalies like processes spawning and executing something weird frequently in the single container belonging to Pod tomcat.
Two tools are available to use:
1. falco
2. sysdig
Tools are pre-installed on the worker1 node only.
Analyse the container's behaviour for at least 40 seconds, using filters that detect newly spawning and executing processes.
Store an incident file at /home/cert_masters/report, in the following format:
[timestamp],[uid],[processName]
Note: Make sure to store incident file on the cluster's worker node, don't move it to master node.