Lesson 12.1: Practice Exam
Question 1:
Create a new ClusterRole named deployment-clusterrole, which only allows creating the following resource types:
- Deployment
- StatefulSet
- DaemonSet
Create a new ServiceAccount named cicd-token in the existing namespace app-team1.
Bind the new ClusterRole deployment-clusterrole to the new ServiceAccount cicd-token, limited to the namespace app-team1.
Answer >
Step 1: Create ClusterRole
[root@master exam]# kubectl create clusterrole deployment-clusterrole --verb=create --resource=Deployment,StatefulSet,DaemonSet
clusterrole.rbac.authorization.k8s.io/deployment-clusterrole created
Step 2: Create the namespace (if not already present) and the ServiceAccount
[root@master exam]# kubectl create ns app-team1
namespace/app-team1 created
[root@master exam]# kubectl create sa cicd-token -n app-team1
serviceaccount/cicd-token created
Step 3: Create a RoleBinding
- https://kubernetes.io/docs/reference/access-authn-authz/rbac/#kubectl-create-rolebinding
- As no RoleBinding name is given, use the name of the ClusterRole as the RoleBinding name.
[root@master exam]# kubectl create rolebinding deployment-clusterrole \
> --clusterrole=deployment-clusterrole \
> --serviceaccount=app-team1:cicd-token \
> --namespace=app-team1
rolebinding.rbac.authorization.k8s.io/deployment-clusterrole created
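Verification (an added example, not part of the original answer): the functions below impersonate the ServiceAccount with kubectl auth can-i and confirm both what the binding grants and what it must not grant, including that a RoleBinding to a ClusterRole stays confined to app-team1. The function names are hypothetical, and the script assumes the current kubectl user is allowed to impersonate ServiceAccounts (for example cluster-admin).

```bash
#!/usr/bin/env bash
# Added example: check the RBAC from Question 1 by impersonating the ServiceAccount.
# Assumption: the current kubectl user may impersonate (e.g. cluster-admin).
SA="system:serviceaccount:app-team1:cicd-token"

# can_i VERB RESOURCE NAMESPACE -> prints "yes" or "no"
can_i() {
  # `kubectl auth can-i` exits non-zero on "no", so the exit code is ignored
  # and only the printed answer is used.
  answer=$(kubectl auth can-i "$1" "$2" --as="$SA" --namespace="$3" 2>/dev/null) || true
  case "$answer" in yes*) echo yes ;; *) echo no ;; esac
}

# expect WANT VERB RESOURCE NAMESPACE -> returns 0 when the answer matches WANT
expect() {
  got=$(can_i "$2" "$3" "$4")
  if [ "$got" = "$1" ]; then status=PASS; else status=FAIL; fi
  printf '%s  %s %s in %s: expected %s, got %s\n' "$status" "$2" "$3" "$4" "$1" "$got"
  [ "$got" = "$1" ]
}

# verify_rbac -> returns 0 only if every grant and every denial is as required
verify_rbac() {
  failures=0
  # Granted: create on the three workload types, in app-team1 only.
  for r in deployments statefulsets daemonsets; do
    expect yes create "$r" app-team1 || failures=$((failures + 1))
  done
  # Denied: any other verb on those resources.
  expect no get deployments app-team1 || failures=$((failures + 1))
  expect no delete deployments app-team1 || failures=$((failures + 1))
  # Denied: create on a resource type that was not listed.
  expect no create pods app-team1 || failures=$((failures + 1))
  # Denied: the same verb in another namespace. A "yes" here means a
  # ClusterRoleBinding was created instead of a namespaced RoleBinding.
  expect no create deployments default || failures=$((failures + 1))
  [ "$failures" -eq 0 ]
}
```

Source the file on the control-plane node and run verify_rbac; a FAIL on the default-namespace line is the usual sign that the ClusterRole was bound cluster-wide.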