How would you use a Kubernetes Admission Controller as a CI/CD security gate?

Tests pre-deployment enforcement via admission webhooks. Strong answers: ValidatingAdmissionWebhooks blocking bad manifests, Pod Security Standards restricted profiles, and OPA/Gatekeeper for image signatures. Red flag: confusing admission control with RBAC or runtime scanning.
Tests whether you understand preventive controls, that is, enforcing security at deployment time with Kubernetes admission webhooks. A strong answer names ValidatingAdmissionWebhooks to block non-compliant manifests before they reach etcd, cites Pod Security Standards with restricted profiles, and layers OPA/Gatekeeper or Kyverno for custom policies like image signature verification, mandatory resource limits, and banned latest tags.
Read the original → kubernetes.io
- #kubernetes
- #security
- #cicd
- #admission controllers
- #devops