How to use the mounted ServiceAccount token from inside a Kubernetes pod to authenticate against the Kubernetes API.

Best practices for securing the Docker daemon, including using TLS and avoiding insecure remote access.

How to configure Kubernetes RuntimeClass resources for gVisor and Kata containers to run workloads in sandboxed runtimes.

ResourceQuota — practical walkthrough with examples.

ReadOnlyRootFilesystem — practical walkthrough with examples.

How to enable the PodSecurityPolicy admission controller in the Kubernetes API server, create a policy, and bind it to a service account.

Kubernetes node affinity example that schedules pods only on nodes matching a specific label using requiredDuringSchedulingIgnoredDuringExecution.

Kubernetes NetworkPolicy examples for controlling ingress and egress traffic to pods using label selectors and port rules.

Kubernetes multi-container pod example using a sidecar pattern with a Filebeat log collector alongside an event simulator application.

CKA Mock Test 3 solutions covering multi-container pods, security contexts, network policies, and pod tolerations.