Complete the code to specify the isolation level for a tenant in a Kubernetes namespace.
kubectl create namespace [1]Creating a dedicated namespace like tenant-isolation helps isolate tenant resources in Kubernetes.
Complete the command to apply a network policy that isolates tenant pods.
kubectl apply -f [1]The file tenant-isolation-network.yaml contains the network policy to isolate tenant pods.
Fix the error in the resource quota definition for tenant isolation.
"" apiVersion: v1 kind: ResourceQuota metadata: name: tenant-quota namespace: tenant-namespace spec: hard: pods: [1] """
The value for resource quota must be an integer without quotes, so 10 is correct.
Fill both blanks to create a pod security policy that restricts privilege escalation.
"" apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: [1] spec: allowPrivilegeEscalation: [2] """
Using tenant-psp as the policy name and setting allowPrivilegeEscalation to false restricts privilege escalation for tenant pods.
Fill all three blanks to define a Kubernetes RoleBinding for tenant access control.
"" apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: [1] namespace: [2] subjects: - kind: User name: [3] roleRef: kind: Role name: tenant-role apiGroup: rbac.authorization.k8s.io """
The RoleBinding named tenant-access in tenant-namespace grants the tenant-user access via the tenant-role.