Lesson 12.1: Practice Exam


Question 1:

Create a new ClusterRole named deployment-clusterrole, which only allows to create the following resource types:

  • Deployment
  • StatefulSet
  • DaemonSet

Create a new ServiceAccount named cicd-token in the existing namespace app-team1. Bind the new ClusterRole deployment-clusterrole to the new ServiceAccount cicd-token, limit to the namespace app-team1.

Answer >

Step 1: Create ClusterRole

[root@master exam]# kubectl create clusterrole deployment-clusterrole --verb=create --resource=Deployment,StatefulSet,DaemonSet
clusterrole.rbac.authorization.k8s.io/deployment-clusterrole created

Step 2: Create Namespace if not present and service account

[root@master exam]# kubectl create ns app-team1 
namespace/app-team1 created
 
[root@master exam]# kubectl create sa cicd-token -n app-team1 
serviceaccount/cicd-token created

Step 3: Create a rolebinding

[root@master exam]# kubectl create rolebinding deployment-clusterrole \
> --clusterrole=deployment-clusterrole \
> --serviceaccount=app-team1:cicd-token \
> --namespace=app-team1
rolebinding.rbac.authorization.k8s.io/deployment-clusterrole created
All systems normal

© 2025 2023 Sanjeeb KC. All rights reserved.