Secure ServiceAccount Token Mounting Using Projected Volumes
Enforce Kubernetes security best practices by disabling automatic ServiceAccount token mounting and providing a short-lived projected token to the application Pod.
Focused hands-on problems designed to help you hone your DevOps or Server Side skills. Some challenges are more educational, while others are based on real-world scenarios. The platform provides hints and feedback for each challenge, including automated solution checks.
Enforce Kubernetes security best practices by disabling automatic ServiceAccount token mounting and providing a short-lived projected token to the application Pod.
Create a Pod that does not mount the default ServiceAccount token, preventing it from accessing the Kubernetes API server.
Two monitoring applications are failing due to missing RBAC permissions. Fix both by creating ServiceAccounts, Roles, and RoleBindings.
Create a ServiceAccount with permissions to access only that specific Secret using RBAC resourceNames restriction.
A Deployment is failing because its ServiceAccount lacks permissions to list pods. Fix the issue by binding an existing Role to the ServiceAccount.
Identify the Secret linked to a ServiceAccount, extract and decode the Base64-encoded token, and verify it contains a valid JWT structure.