HomeCKS practice tasks › Secure API Server Authentication and Authorization
CKS · Cluster Setup

Secure API Server Authentication and Authorization

The API server is currently configured insecurely.

Solve this on a real cluster — free → All CKS tasks
🗓️ Free Task of the Week: one CKS task is unlocked free for everyone every week — no card, real cluster, auto-graded (2 tries/week). Create a free account and check whether this one is live now.

The task

Task

The API server is currently configured insecurely.

Requirements

  1. Disable anonymous access on the API server
  2. Configure authorization mode to use: Node,RBAC
  3. Enable the NodeRestriction admission controller

Ensure the API server restarts successfully and the cluster remains functional.

Exam
CKS
Domain
Cluster Setup
Grading
Programmatic · partial credit
Reference
Kubernetes docs ↗

What this tests

Lock down network access, the kubelet, API authentication, and ingress TLS, and run CIS benchmark checks. On the CKS exam, Cluster Setup tasks are graded purely on what you build in the cluster — not multiple choice — so the only way to get faster is to do them on a real cluster against a clock.

Practice it for real

prepium.sh drops you into your own isolated Kubernetes cluster in the browser — no install, no credit card. You solve the task in a real terminal, hit validate, and a programmatic checker scores exactly what you got right and wrong (with partial credit). The canonical solution unlocks after you attempt it, so you learn the fast, exam-ready way to do it.

Start free → CKS overview

Related CKS tasks

Fix Insecure Kubelet and etcd Upgrade a Worker Node by One Patch Version