Ultimate access to all questions.
Upgrade Now 🚀
Sign in to unlock AI tutor
An organization must ensure that Kubernetes Pods subject to PCI compliance are scheduled only on designated in-scope Nodes, and that these in-scope Nodes cannot run any Pods that are not in-scope. How can this be implemented?
in-scope
A
Add a nodeSelector field to the pod configuration to only use the Nodes labeled inscope: true.
B
Create a node pool with the label inscope: true and a Pod Security Policy that only allows the Pods to run on Nodes with that label.
C
Place a taint on the Nodes with the label inscope: true and effect NoSchedule and a toleration to match in the Pod configuration.
D
Run all in-scope Pods in the namespace ג€in-scope-pciג€.
