https://downloads.cisecurity.org
https://kubesec.io
https://editor.cilium.io
https://github.com/moabukar/CKS-Exercises-Certified-Kubernetes-Security-Specialist
https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
https://github.com/ggnanasekaran77/cks-exam-tips
- Always make sure that volume is mounted when you do any chnages in the kubeAPI server.
setup your environment:
export do="--dry-run=client -o yaml" # k create deploy nginx --image=nginx $do
export now="--force --grace-period 0" # k delete pod x $nowcontainerd cli tool:
crictl ps| Flag | Protocol | IP | Port |
|---|---|---|---|
| --etcd-servers= | https:// | 127.0.0.1: | 2379 |
Check AppArmor status:
apparmor_statusCreate a folder for storing logs. Add volumeMounts and volumes in the kube-apiserver config file.
see all:
kube-bench run --targets masteror just see the one:
kube-bench run --targets master --check 1.2.20The handler for the gVisor RuntimeClass is runsc:
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
name: gvisor
handler: runscCreate role:
kubectl -n applications create role smoke --verb=create,delete --resource=pods,deployments,statefulsetsCreate rolebinding:
kubectl -n applications create rolebinding smoke --role=smoke --user=smokeCreate view only roles for user smoke:
kubectl -n applications create rolebinding smoke-view --clusterrole view --user smoke
kubectl -n default create rolebinding smoke-view --clusterrole view --user smoke
kubectl -n kube-node-lease create rolebinding smoke-view --clusterrole view --user smoke
kubectl -n kube-public create rolebinding smoke-view --clusterrole view --user smoke