FreeCram
  1. Home
  2. Linux Foundation
  3. Certified Kubernetes Administrator (CKA) Program Exam
  4. LinuxFoundation.CKA.v2021-07-16.q22
  5. Question 21
<< Prev Question Next Question >>

Question 21/22

Score: 4%

Context
You have been asked to create a new ClusterRole for a deployment pipeline and bind it to a specific ServiceAccount scoped to a specific namespace.
Task
Create a new ClusterRole named deployment-clusterrole, which only allows to create the following resource types:
* Deployment
* StatefulSet
* DaemonSet
Create a new ServiceAccount named cicd-token in the existing namespace app-team1.
Bind the new ClusterRole deployment-clusterrole lo the new ServiceAccount cicd-token , limited to the namespace app-team1.

Recent Comments (The most recent comments are at the top.)

Abhay - Aug 15, 2022

kubectl create serviceaccount cicd-token --namespace=app-team1


kubectl create clusterrole deployment-clusterrole --verb=create --resource=Deployment,statefulset,daemonsets




kubectl create rolebinding deployment-clusterrole --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token

root@controlplane ~ ➜ kubectl auth can-i create Deployment --as=system:serviceaccount:app-team1:cicd-token
yes

VIJAYARAGAVAN - May 12, 2022

i have done rolebinding but its not working. how we have to test with kubectl auth can-i create deployments --as=system:serviceaccount

kubectl create rolebinding deployment-clusterrole --clusterrole=deployment-clusterrole
--serviceaccount=default:cicd-token --namespace=app-team1

please suggest which one is the right one.

VIJAYARAGAVAN - May 09, 2022

so what we have to mention in rolebinding (name) its same name ? deployment-clusterrole

Taras - May 02, 2022

should be --serviceaccount=app-team1:cicd-token not --serviceaccount=default:cicd-token as you created serviceaccount in namespace app-team1

Gokul Veeramani - Jan 03, 2022

as the question say limited to the namespace so u cant use clusterrolebinding

Kalyan S - Dec 28, 2021

Last command should say clusterrolebinding - not rolebding. Also, there is no need to specify the namespace.

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (22q)
Question 1: Score: 7% (Exhibit) Task Given an existing Kubernetes cluste...
2 commentQuestion 2: Score: 5% (Exhibit) Task From the pod label name=cpu-utilize...
1 commentQuestion 3: Score: 4% (Exhibit) Task Check to see how many nodes are rea...
Question 4: Monitor the logs of pod foo and: Extract log lines correspon...
Question 5: Schedule a pod as follows: Name: nginx-kusc00101 Image: ngin...
Question 6: List all persistent volumes sorted by capacity, saving the f...
Question 7: Create a file: /opt/KUCC00302/kucc00302.txt that lists all p...
Question 8: Create a pod as follows: Name: non-persistent-redis containe...
Question 9: List "nginx-dev" and "nginx-prod" pod and delete those pods...
Question 10: Perform the following tasks: Add an init container to hungry...
Question 11: Score: 13% (Exhibit) Task A Kubernetes worker node, named wk...
Question 12: For this item, you will have to ssh and complete all tasks o...
1 commentQuestion 13: Given a partially-functioning Kubernetes cluster, identify s...
1 commentQuestion 14: Score: 4% (Exhibit) Task Set the node named ek8s-node-1 as u...
Question 15: Configure the kubelet systemd- managed service, on the node ...
Question 16: Create a pod that echo "hello world" and then exists. Have t...
3 commentQuestion 17: Score:7% (Exhibit) Task Create a new PersistentVolumeClaim *...
Question 18: Get list of all pods in all namespaces and write it to file ...
Question 19: Create a pod named kucc8 with a single app container for eac...
Question 20: Create a Kubernetes secret as follows: Name: super-secret pa...
6 commentQuestion 21: Score: 4% (Exhibit) Context You have been asked to create a ...
3 commentQuestion 22: Score: 7% (Exhibit) Task Reconfigure the existing deployment...