Given a namespace labeled with pod-security.kubernetes.io/enforce=restricted, what will happen if a pod with a privileged container is created in that namespace?

medium📝 Command Output Q4 of 15

Kubernetes - RBAC and Security

Given a namespace labeled with pod-security.kubernetes.io/enforce=restricted, what will happen if a pod with a privileged container is created in that namespace?

AThe pod will be created without any restrictions.

BThe pod will be created but a warning will be logged.

CThe pod will be scheduled but evicted immediately.

DThe pod creation will be blocked by the Pod Security Admission Controller.

Step-by-Step Solution

Solution:

Step 1: Understand the 'restricted' profile effect
The 'restricted' profile forbids privileged containers and other risky settings.
Step 2: Apply admission controller behavior
Since the namespace enforces 'restricted', the admission controller blocks pods violating this, such as privileged containers.
Final Answer:
Pod creation is blocked due to privileged container in restricted profile. -> Option D
Quick Check:
Restricted profile blocks privileged pods [OK]

Quick Trick: Restricted profile blocks privileged pods [OK]

Common Mistakes:

Assuming pod is allowed with warning
Thinking pod is created without restriction
Confusing eviction with admission blocking

Master "RBAC and Security" in Kubernetes

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More Kubernetes Quizzes

Given a namespace labeled with pod-security.kubernetes.io/enforce=restricted, what will happen if a pod with a privileged container is created in that namespace?

Step 1: Understand the 'restricted' profile effect

Step 2: Apply admission controller behavior

Final Answer:

Quick Check:

Want More Practice?