Fix Deployment for Restricted Pod Security Standard

Namespace restricted-ns enforces the restricted Pod Security Standard. A Deployment pss-app in this namespace is currently non-compliant and its Pods cannot start.

Solve this on a real cluster — free → All CKS tasks

🗓️ Free Task of the Week: one CKS task is unlocked free for everyone every week — no card, real cluster, auto-graded (2 tries/week). Create a free account and check whether this one is live now.

The task

Task

Namespace restricted-ns enforces the restricted Pod Security Standard.

A Deployment pss-app in this namespace is currently non-compliant and its Pods cannot start.

Requirements

Update the Deployment so that its Pods comply with the restricted Pod Security Standard.

Ensure the Pods run successfully in the restricted namespace.

Exam

CKS

Domain

Minimize Microservice Vulnerabilities

Grading

Programmatic · partial credit

Reference

Kubernetes docs ↗

What this tests

Apply Pod Security Standards, securityContext, and mTLS, and protect secrets at rest. On the CKS exam, Minimize Microservice Vulnerabilities tasks are graded purely on what you build in the cluster — not multiple choice — so the only way to get faster is to do them on a real cluster against a clock.

Practice it for real

prepium.sh drops you into your own isolated Kubernetes cluster in the browser — no install, no credit card. You solve the task in a real terminal, hit validate, and a programmatic checker scores exactly what you got right and wrong (with partial credit). The canonical solution unlocks after you attempt it, so you learn the fast, exam-ready way to do it.

Start free → CKS overview