Kubernetesdevops~30 mins

Pod security admission controller in Kubernetes - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Pod Security Admission Controller Setup in Kubernetes

📖 Scenario: You are a Kubernetes administrator tasked with securing your cluster by enforcing pod security standards. You will configure the Pod Security Admission Controller to apply a baseline security policy to all pods in a specific namespace.

🎯 Goal: Set up a namespace with a Pod Security Admission Controller label to enforce the baseline security policy, then create a pod that complies with this policy, and finally verify the pod runs successfully.

📋 What You'll Learn

Create a namespace called secure-namespace

Add a Pod Security Admission Controller label to enforce the baseline policy in secure-namespace

Create a pod manifest named nginx-pod.yaml that runs an nginx container

Deploy the pod in secure-namespace and verify it is running

💡 Why This Matters

🌍 Real World

Pod Security Admission Controller helps Kubernetes administrators enforce security standards automatically on pods, reducing risks from insecure configurations.

💼 Career

Understanding and configuring Pod Security Admission Controller is essential for Kubernetes cluster security roles and DevOps engineers managing secure container deployments.

Progress0 / 4 steps

Create the secure-namespace namespace

Create a Kubernetes namespace called secure-namespace using the kubectl command.

Kubernetes

# Your code here

Need a hint?

Use kubectl create namespace secure-namespace to create the namespace.

Label the namespace to enforce the baseline Pod Security Admission policy

Add the label pod-security.kubernetes.io/enforce=baseline to the secure-namespace namespace using kubectl label namespace.

Kubernetes

kubectl create namespace secure-namespace
# Your code here

Need a hint?

Use kubectl label namespace secure-namespace pod-security.kubernetes.io/enforce=baseline to add the label.

Create a pod manifest nginx-pod.yaml with an nginx container

Write a pod manifest named nginx-pod.yaml with these exact contents:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: secure-namespace
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80

Kubernetes

kubectl create namespace secure-namespace
kubectl label namespace secure-namespace pod-security.kubernetes.io/enforce=baseline
# Your code here

Need a hint?

Make sure the pod manifest has the exact fields and values as shown.

Deploy the pod and verify it is running

Apply the nginx-pod.yaml manifest using kubectl apply -f nginx-pod.yaml and then run kubectl get pods -n secure-namespace to check the pod status. The output should show nginx-pod with status Running.

Kubernetes

kubectl create namespace secure-namespace
kubectl label namespace secure-namespace pod-security.kubernetes.io/enforce=baseline

# Create nginx-pod.yaml file with the following content
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: secure-namespace
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80

# Your code here

Need a hint?

Use kubectl apply -f nginx-pod.yaml to deploy and kubectl get pods -n secure-namespace to check status.