Most of lab 6.6 is unsolveable

adzee95

I'm getting sick of the "intentional" ambiguity in these domain review exercises that are being swept under the rug as 'intentionally vague, no hand-holding'- I'm certain the exercises cannot be comfortably solved given the preparation. These are red herrings and intentional misdirection. Looking at other topics on the course, people seem to waste hours of precious time on these ridiculous ambiguities.

Refer to question 8: After finding the errors, log into the container and find the proper id of the nginx user - It is impossible to do this through any 'normal' means. This question has received some attention here on the forums, with the instructors refusing to give a hint, expected outcome or any justification in terms of the clearly faulty wording used in this question. First; the containers do not start, so you cannot log in. I am "smart" enough to read between the lines and remove all security context from the yaml, just so the image does start and I can actually attach a terminal to the nginx image and see the user id. If I wanna know what users are behind a process, I use ps, however that's not installed on nginx images. It took me a few hours to figure out I can simply type id nginx and see some more info. If you do that, you get the user id (101). However, using that userid on the security-review1.yaml will never, in any way, shape or form allow the container to start running, since nginx also needs root access, since we're not using the unprivileged image.

Anyways, you simply can't solve it any other way than assigning 0 (root) to the runAsUser fields in the YAML, leading to "it's root so it works, lol" or removing the security context. Both solutions do not illustrate anything covered in chapter 6, and I am left frustrated and having wasted hours on trivial wording.

So pretty pretty please, could we have a teensy tiny bit of hand-holding for this domain review? Or an actual reply actually acknowledging anything the person has written, without sweeping everything under the intentional ambiguity rug. I would really, really appreciate it if I could get even the smallest bit of support from the instructors on what went wrong with this question and at what solution is being aimed.

marksmit

I totally agree. I go through this course one day each week and I am stuck at chapter 6 for more weeks now. Today I discovered a lot of writing in the forum about 6.6 and my conclusion is that one must completely debug nginx to make this work. I still have no clear view of security because the past weeks I'm only trying to solve the escape room puzzles. I thought that basic Linux knowledge was enough for this course but I get the feeling that I need to know all kinds of quirks.

Yes, I'm frustrated and with me a lot of people are. It would be nice to see that the course's focus could be more on Kubernetes and less on nginx specifics.