Exercise 6.6: Domain Review
Create a new deployment which uses the nginx image
Create a new LoadBalancer service to expose the newly created deployment. Test that it works
Create a new NetworkPolicy called netblock which blocks all traffic to pods in this deployment only. Test that all traffic to the deployment is blocked
Update the netblock policy to allow traffic to the pod on port 80 only. Test that you can access the default nginx web page
Find and use the security-review1.yaml file to create a pod
kubectl apply -f \
  https://raw.githubusercontent.com/youngwjung/lf-training/main/LFD459/v1.24.1/solutions/s_06/security-review1.yaml
View the status of the pod
Use the following commands to figure out why the pod has issues
kubectl get pod securityreview
kubectl describe pod securityreview
kubectl logs securityreview
After finding the errors, log into the container and find the proper id of the nginx user
Edit the yaml and re-create the pod such that the pod runs without error
Create a new serviceAccount called securityaccount
Create a ClusterRole named secrole which only allows create, delete, and list of pods in all apiGroups
Bind the clusterRole to the serviceAccount
Locate the token of the securityaccount. Create a file called /tmp/securitytoken. Put only the value that token: is equal to in the file; it is a long string that may start with eyJh and be several lines long. Be careful that only that string exists in the file
Remove any resources you have added during this review
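The two states of the netblock policy from the NetworkPolicy steps above, as an added example that is not part of the original exercise or its solution files. The deployment name reviewweb (and so the pod label app=reviewweb) and the default namespace are assumptions; both documents describe the same object, so save and apply them separately, one per step.

```yaml
# State 1: block all inbound traffic to this deployment's pods only.
# The podSelector limits the policy to pods labelled app=reviewweb
# (assumed label, as set by "kubectl create deployment reviewweb").
# Listing Ingress in policyTypes with no ingress rules means the
# selected pods accept no inbound connections; other pods are untouched.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: netblock
  namespace: default        # assumption: the lab runs in default
spec:
  podSelector:
    matchLabels:
      app: reviewweb        # hypothetical deployment label
  policyTypes:
  - Ingress
---
# State 2: the same policy updated to admit TCP port 80 only.
# An ingress rule with ports but no "from" clause allows any source
# on that port; every other port stays blocked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: netblock
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: reviewweb
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - protocol: TCP
      port: 80
```

A NetworkPolicy is only enforced when the cluster's network plugin implements it; without one the object is accepted but traffic is not filtered, so the block test is the real check.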