CKS Exam, 1st attempt

Took the CKS exam: 16 questions.

1. ETCD CTL TLS - reference: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/ (Encrypting Secret Data at Rest)
2. CIS Benchmark
3. Trivy image scan (7 points)
4. AppArmor profile, parser - reference: https://kubernetes.io/docs/tutorials/security/apparmor/ (Restrict a Container's Access to Resources with AppArmor)
5. Network policy, default deny - ingress, egress
6. Network policy, podSelector
7. secret automount = false
8. secret hacking
9. RBAC, service account
10. runc, gVisor, RuntimeClass
11. Image policy webhook
12. Falco or Sysdig (13 points)
    1. Container timestamp, user.id ...
13. Dockerfile build (USER nobody, USER ID) (13 points) - Docker best practices: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/ (Best practices for writing Dockerfiles); deployment.yaml best practices
14. security context
15. USER 10000, PrivilegeEscalation
16. ETCD
17. Audit.log - reference
18. anonymous-auth = false, --enable-admission-plugins=NodeRestriction, --authorization-mode=Node,RBAC (13 points)