Runtime & Cluster Security

Pod Security Standards, Falco, eBPF runtime security, admission controllers (OPA, Kyverno), policy enforcement

24 คำถามสัมภาษณ์·

Senior

What are the three Pod Security Standards levels defined by Kubernetes?

คำตอบ

Kubernetes defines three Pod Security Standards levels: Privileged (no restrictions), Baseline (minimally restrictive, blocks known privilege escalations like hostNetwork or privileged containers), and Restricted (highly restrictive, follows hardening best practices with runAsNonRoot, seccomp, etc.). These levels enable progressive security adoption based on application needs.

How to apply the Baseline Pod Security Standards level to a namespace with kubectl?

คำตอบ

Using pod-security.kubernetes.io labels on the namespace enables Pod Security Standards. There are three modes: enforce (blocks), warn (warns), and audit (logs). The kubectl label command applies these labels with the desired level and version.

What is the main difference between Baseline and Restricted Pod Security Standards levels?

คำตอบ

The Restricted level enforces runAsNonRoot, prohibiting execution as root, while Baseline allows root but blocks privilege escalations. Restricted also adds constraints on capabilities (drop ALL), seccomp (RuntimeDefault), and allowed volumes. It is the recommended level for critical workloads.

What is the main role of Falco in Kubernetes runtime security?

What technology enables Falco to monitor system events without modifying the Linux kernel?

+21 คำถามสัมภาษณ์

หัวข้อสัมภาษณ์ DevOps อื่นๆ

Version Control & Git

Junior

20 คำถาม

Runtime & Cluster Security

What are the three Pod Security Standards levels defined by Kubernetes?

คำตอบ

How to apply the Baseline Pod Security Standards level to a namespace with kubectl?

คำตอบ

What is the main difference between Baseline and Restricted Pod Security Standards levels?

คำตอบ

What is the main role of Falco in Kubernetes runtime security?

What technology enables Falco to monitor system events without modifying the Linux kernel?

หัวข้อสัมภาษณ์ DevOps อื่นๆ

Version Control & Git

Linux Fundamentals

Shell Scripting & Bash

Networking Basics

Docker Fundamentals

CI/CD Fundamentals

GitHub Actions

GitLab CI/CD

Jenkins

Kubernetes Basics

Kubernetes Networking

Kubernetes Advanced

Ingress & API Gateway

Terraform Basics

Terraform Advanced

Ansible & Configuration Management

AWS Essentials

Azure Fundamentals

GCP Fundamentals

Monitoring & Prometheus

Logging & ELK Stack

Alerting & Incident Response

Cloud Identity & Secrets

CI/CD Pipeline Security

Helm & Kubernetes

Container Supply Chain Security

Service Mesh & Istio

GitOps & ArgoCD

Progressive Delivery

Distributed Observability

Disaster Recovery & Backup

Performance Optimization

Cloud Cost Optimization

SRE Principles

Chaos Engineering

Platform Engineering

เชี่ยวชาญ DevOps สำหรับการสัมภาษณ์ครั้งถัดไป