Installation, Configuration, and Upgrades Questions
Practice questions for Installation, Configuration, and Upgrades topic in Kyverno Certified Associate. 36 questions covering this domain.
An operator sets `--autoUpdateWebhooks=false` to stop dynamic webhook management. What is the main consequence?
A cluster was installed from a tagged YAML release. The platform team wants to do a direct in-place upgrade by applying a newer `install.yaml` over th...
A generate rule must create Deployments, but policy installation fails because Kyverno lacks permission to create them. Which controller's aggregated ...
When Kyverno manages its own certificates and no override is set, which key algorithm is used by default?
For a production-grade Kyverno installation, which installation method is officially recommended?
A team wants Kyverno to auto-generate Kubernetes ValidatingAdmissionPolicies from `validate.cel` rules. Which controller needs extra permissions to ma...
After a fresh install, no custom certificate Secrets are present. How does Kyverno secure webhook TLS by default?
A company brings its own CA-signed Kyverno certificates as Secrets. Who is responsible for regenerating and rotating those certificates?
A production team wants a highly available Kyverno deployment. Which controller must be deployed with at least two replicas for a high-availability in...
Which Kubernetes objects does the Kyverno Cert Renewer component manage?
A Kyverno installation uses `objectSelector` to exclude resources from webhook processing. What is a known security concern with this approach?
When upgrading Kyverno using YAML manifests, what is the supported upgrade procedure?
In Kyverno 1.13, which security-related breaking change affected the default permissions of Kyverno controllers?
Which Helm value enables the optional Reports Server subchart during Kyverno installation?
What is the default webhook `failurePolicy` for Kyverno's admission webhooks?
In which Kubernetes namespace must Kyverno be installed?
A team wants to exclude the `monitoring` namespace from Kyverno admission webhook processing. Which method is recommended to avoid the risk of label s...
What is the minimum number of admission controller replicas required for a Kyverno high availability installation?
Why does the documentation recommend adding new supplemental ClusterRoles instead of editing Kyverno's default roles directly?
A cluster already contains custom Kyverno certificate Secrets with the expected names. How does Kyverno behave during startup?
Sign in to see all 36 questions
Create a free account to browse all questions — completely free during our launch phase.