Runtime & Cluster Security
Pod Security Standards, Falco, eBPF runtime security, admission controllers (OPA, Kyverno), policy enforcement
1What are the three Pod Security Standards levels defined by Kubernetes?
What are the three Pod Security Standards levels defined by Kubernetes?
Відповідь
Kubernetes defines three Pod Security Standards levels: Privileged (no restrictions), Baseline (minimally restrictive, blocks known privilege escalations like hostNetwork or privileged containers), and Restricted (highly restrictive, follows hardening best practices with runAsNonRoot, seccomp, etc.). These levels enable progressive security adoption based on application needs.
2How to apply the Baseline Pod Security Standards level to a namespace with kubectl?
How to apply the Baseline Pod Security Standards level to a namespace with kubectl?
Відповідь
Using pod-security.kubernetes.io labels on the namespace enables Pod Security Standards. There are three modes: enforce (blocks), warn (warns), and audit (logs). The kubectl label command applies these labels with the desired level and version.
3What is the main difference between Baseline and Restricted Pod Security Standards levels?
What is the main difference between Baseline and Restricted Pod Security Standards levels?
Відповідь
The Restricted level enforces runAsNonRoot, prohibiting execution as root, while Baseline allows root but blocks privilege escalations. Restricted also adds constraints on capabilities (drop ALL), seccomp (RuntimeDefault), and allowed volumes. It is the recommended level for critical workloads.
What is the main role of Falco in Kubernetes runtime security?
What technology enables Falco to monitor system events without modifying the Linux kernel?
+21 питань зі співбесід
Інші теми співбесід DevOps
Version Control & Git
Linux Fundamentals
Shell Scripting & Bash
Networking Basics
Docker Fundamentals
CI/CD Fundamentals
GitHub Actions
GitLab CI/CD
Jenkins
Kubernetes Basics
Kubernetes Networking
Kubernetes Advanced
Ingress & API Gateway
Terraform Basics
Terraform Advanced
Ansible & Configuration Management
AWS Essentials
Azure Fundamentals
GCP Fundamentals
Monitoring & Prometheus
Logging & ELK Stack
Alerting & Incident Response
Cloud Identity & Secrets
CI/CD Pipeline Security
Helm & Kubernetes
Container Supply Chain Security
Service Mesh & Istio
GitOps & ArgoCD
Progressive Delivery
Distributed Observability
Disaster Recovery & Backup
Performance Optimization
Cloud Cost Optimization
SRE Principles
Chaos Engineering
Platform Engineering
Опануй DevOps для наступної співбесіди
Отримай доступ до всіх питань, flashcards, технічних тестів, вправ code review та симуляторів співбесід.
Почни безкоштовно