CKS related questions

elango.boopathy · December 16, 2023, 1:04pm

Hi Team,

Best practices in Docker Image and deployment manifest file.
Dockerfile includes image with latest tag image and also some token which is also hardcoded inside the image file. So I believe token needs to be removed from image and should be passed as ENV variable ? and where to get the list of docker file best practices ?

Also for Deployment file, there is a security context with below : allowPrivilegeEscalation: true and readOnlyRootFilesystem: false

so here drop means the below capabilities are not included inside the container ?

securityContext:
  allowPrivilegeEscalation: true
  readOnlyRootFilesystem: false
  capabilities:
    drop: ["NET_ADMIN", "SYS_TIME"]

Thanks,
Elango Boopathy.

Alistair_KodeKloud · December 16, 2023, 3:58pm

We cannot discuss exam questions. This is in violation of Linux Foundation’s Non-Disclosure Agreement

elango.boopathy · December 16, 2023, 4:02pm

Sure. I have updated the Description, summary etc.
could you please explain now ?

Alistair_KodeKloud · December 16, 2023, 4:10pm

I still can’t give you a direct answer to all of this, but you can look at

Dropping a capability means removing it.

elango.boopathy · December 16, 2023, 4:59pm

Thanks @Alistair_KodeKloud