Hardening Default GKE Cluster Configurations Reviews

Thosan G. · Reviewed 12 месяцев ago

Mykhailo S. · Reviewed 12 месяцев ago

Mykhailo S. · Reviewed 12 месяцев ago

Task 7 Error

bayu m. · Reviewed 12 месяцев ago

Fandi H. · Reviewed 12 месяцев ago

nice

bayu m. · Reviewed 12 месяцев ago

error in task#7

Hapid R. · Reviewed 12 месяцев ago

Fandi H. · Reviewed 12 месяцев ago

error trying to implement Task 7.....error: resource mapping not found for name: "restrictive-psp" namespace: "" from "STDIN": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first

Randyansyah .. · Reviewed 12 месяцев ago

Bruno F. · Reviewed 12 месяцев ago

As others have said. Task 7 is error. Solution " gcloud container clusters create simplecluster --zone $MY_ZONE --cluster-version 1.21.14-gke.18100 --num-nodes 2 --metadata=disable-legacy-endpoints=false " do this in step Task 1

Muhammad Ilham Akbar S. · Reviewed 12 месяцев ago

Edwin T. · Reviewed 12 месяцев ago

Bruno F. · Reviewed 12 месяцев ago

service account v1 beta is deprecated and removed on kubernetes v1.25

Bas T. · Reviewed 12 месяцев ago

Bryan P. · Reviewed 12 месяцев ago

Reza K. · Reviewed 12 месяцев ago

Rafi A. · Reviewed 12 месяцев ago

Lab cannot be completed because step 7 is outdated.

Wolfgang G. · Reviewed 12 месяцев ago

Rafael F. · Reviewed 12 месяцев ago

finally finish.. huft

HAIDAR W. · Reviewed 12 месяцев ago

David A. · Reviewed 12 месяцев ago

Lab is using PodSecurityPolicies which are deprecated and even no longer available at all on the kubernetes version running in GCP currently. Not possible to complete with 100% rate.

Maximilian W. · Reviewed 12 месяцев ago

cant finish this labb bcs the instruction is deprecated!!!

HAIDAR W. · Reviewed 12 месяцев ago

THANK YOU FOR WASTING MY TIME!! PLEASE CHECK ALL THE DEPRECATED DEPENDENCY!!! cat <<EOF | kubectl apply -f - --- apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: restrictive-psp annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' spec: privileged: false # Required to prevent escalations to root. allowPrivilegeEscalation: false # This is redundant with non-root + disallow privilege escalation, # but we can provide it for defense in depth. requiredDropCapabilities: - ALL # Allow core volume types. volumes: - 'configMap' - 'emptyDir' - 'projected' - 'secret' - 'downwardAPI' # Assume that persistentVolumes set up by the cluster admin are safe to use. - 'persistentVolumeClaim' hostNetwork: false hostIPC: false hostPID: false runAsUser: # Require the container to run without root privileges. rule: 'MustRunAsNonRoot' seLinux: # This policy assumes the nodes are using AppArmor rather than SELinux. rule: 'RunAsAny' supplementalGroups: rule: 'MustRunAs' ranges: # Forbid adding the root group. - min: 1 max: 65535 fsGroup: rule: 'MustRunAs' ranges: # Forbid adding the root group. - min: 1 max: 65535 EOF

Astawan Z. · Reviewed 12 месяцев ago

cant finish this labb bcs the instruction is deprecated!!!

HAIDAR W. · Reviewed 12 месяцев ago