Security Authorization Flashcards

1
Q

What kind of Authorization is supported by Kubernetes?

A
  • Node
  • Attribute based access control
  • Role based access control
  • Webhook
2
Q

What is Node Authorization?

A
  • Node Authorizer handles communication from the kubelet with the kube apiserver
  • everyone who is part of the system:nodes group is handled by the node authorizer
  • access within the cluster
3
Q

What is Attribute based Authorization?

A
  • a user or a group of users receives a set of permissions
  • i.e. dev-user can view/create/delete pods
  • implemented through a policy file, with a set of policies defined in a JSON format
  • that file is passed into the kube apiserver
{"kind": "Policy", "spec": {"user": "dev-user", "namespace": "*", "resource": "pods", "apiGroup": "*"}}
4
Q

What is a disadvantage of the ABAC approach?

A
  • difficult to manage
  • every time something changes, the files need to be manually changed and the kube apiserver restarted
5
Q

What is Role based Authorization?

A
  • a role is created with a set of permissions required for that role
  • then the users/groups are associated with that role
  • whenever a change needs to be made, only the role needs to be changed
6
Q

What is Webhook Authorization?

A
  • used for authorization through external/third party solutions
  • Kubernetes makes an API request to the Open Policy Agent with information about the user and their access requirements
7
Q

What additional Authorization Modes are available?

A
  • always allow
  • always deny

-> no authorization checks are applied

8
Q

How do you set the Authorization mode?

A

via --authorization-mode=…
on the kube apiserver

If not specified, it is set to always allow

9
Q

How many Authorization modes can be set for a kube apiserver?

A

Multiple modes, given as a comma-separated list

10
Q

What happens when you have multiple authorization modes configured for a kube apiserver?

A
  • request is authorized using each mode, in the specified order
  • whenever a module denies a request, the request is forwarded to the next one in the chain
  • as soon as a module approves the request no more checks are done