Linux Foundation CKS Exam - Topic 4 Question 77 Discussion

Create a new ServiceAccount named backend-sa in the existing namespace default, which has the capability to list the pods inside the namespace default.

Create a new Pod named backend-pod in the namespace default, mount the newly created sa backend-sa to the pod, and verify that the pod is able to list pods.

Ensure that the Pod is running.
A) Explanation: A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

When you create a pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace. If you get the raw json or yaml for a pod you have created (for example, kubectl get pods/<podname> -o yaml), you can see the spec.serviceAccountName field has been automatically set.

You can access the API from inside a pod using automatically mounted service account credentials, as described in Accessing the Cluster. The API permissions of the service account depend on the authorization plugin and policy in use.

In version 1.6+, you can opt out of automounting API credentials for a service account by setting automountServiceAccountToken: false on the service account:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: build-robot
    automountServiceAccountToken: false
    ...

In version 1.6+, you can also opt out of automounting API credentials for a particular pod:

    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
    spec:
      serviceAccountName: build-robot
      automountServiceAccountToken: false
      ...

The pod spec takes precedence over the service account if both specify an automountServiceAccountToken value.
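The explanation notes that a service account's API permissions depend on the authorization policy in use. As an added example (not part of the original page), here is one manifest for the task, assuming the cluster uses RBAC authorization, under which a new ServiceAccount cannot list pods until a Role is bound to it. The Role and RoleBinding names, the container name and the image are assumptions.

```yaml
# Added example (constructed). Save as backend-sa.yaml (assumed file name)
# and apply with: kubectl apply -f backend-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: backend-sa
  namespace: default
---
# Namespaced Role granting only "list" on pods (least privilege:
# no get/watch/delete, and no access outside the default namespace).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-lister              # assumed name
  namespace: default
rules:
- apiGroups: [""]               # "" is the core API group, where pods live
  resources: ["pods"]
  verbs: ["list"]
---
# Bind the Role to the ServiceAccount; without this the SA has no pod access.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: backend-sa-pod-lister   # assumed name
  namespace: default
subjects:
- kind: ServiceAccount
  name: backend-sa
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-lister
---
apiVersion: v1
kind: Pod
metadata:
  name: backend-pod
  namespace: default
spec:
  serviceAccountName: backend-sa   # the pod's API identity
  containers:
  - name: backend                  # assumed container name
    image: nginx                   # assumed image; any long-running image works
# Verification commands (run from an admin context):
#   kubectl get pod backend-pod -n default
#   kubectl auth can-i list pods -n default --as=system:serviceaccount:default:backend-sa
#   kubectl auth can-i delete pods -n default --as=system:serviceaccount:default:backend-sa
```

The first `can-i` check confirms the grant; the second confirms the Role does not allow more than the task asks for.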

Actual exam question for Linux Foundation's CKS exam
Question #: 77
Topic #: 4
Suggested Answer: A

Contribute your Thoughts:

Alisha
6 months ago
Sounds cool, but I’m a bit skeptical about the security implications.
upvoted 0 times
...
Georgene
6 months ago
Yup, that's how it works! The permissions are key.
upvoted 0 times
...
Willow
7 months ago
Totally agree, it's super useful for managing permissions.
upvoted 0 times
...
William
7 months ago
Wait, can the pod really list pods with just that SA?
upvoted 0 times
...
Patti
7 months ago
Just created a ServiceAccount named backend-sa in the default namespace!
upvoted 0 times
...
Major
7 months ago
I remember that the service account needs to be linked to a role that allows listing pods. I just need to make sure I get the role binding part correct.
upvoted 0 times
...
Heike
7 months ago
I’m a bit confused about the YAML structure for the service account. I hope I can get it right during the exam.
upvoted 0 times
...
Rutha
8 months ago
I think we did a similar question where we had to create a pod with a specific service account. I hope I can recall the exact commands.
upvoted 0 times
...
Natalya
8 months ago
I remember we practiced creating service accounts, but I'm not entirely sure how to set the permissions for listing pods.
upvoted 0 times
...
Alise
8 months ago
This seems straightforward, but I want to make sure I don't miss any steps. I'll go through it carefully, creating the service account, mounting it to the pod, and then verifying the pod can list the pods in the default namespace.
upvoted 0 times
...
Veda
8 months ago
Okay, I think I've got a good strategy. First, I'll create the backend-sa service account using the kubectl create serviceaccount command. Then I'll create the backend-pod and use the serviceAccountName field to mount the backend-sa. Finally, I'll verify the pod can list the pods by running a command inside the container.
upvoted 0 times
...
Katina
8 months ago
Hmm, I'm a bit unsure about the steps here. Do I need to set any specific permissions or roles for the backend-sa service account to be able to list the pods? I'll have to double-check the documentation on that.
upvoted 0 times
...
Theola
9 months ago
This looks straightforward enough. I'll start by creating the backend-sa service account, then mount it to the backend-pod and verify the pod can list the pods in the default namespace.
upvoted 0 times
...
Glenna
1 year ago
This is a pretty straightforward question, but I can imagine it might trip up some people if they're not familiar with how ServiceAccounts work. Good thing we've got this explanation to guide us!
upvoted 0 times
...
Leoma
1 year ago
Wait, do we need to create any specific permissions or Role for the backend-sa ServiceAccount? I don't want to forget that step and end up with a non-working solution.
upvoted 0 times
Billy
12 months ago
As long as you create the ServiceAccount and mount it to the Pod, you should be good to go without any extra steps.
upvoted 0 times
...
Sena
12 months ago
The ServiceAccount will inherit the permissions of the default service account in the same namespace.
upvoted 0 times
...
Vilma
1 year ago
Just create the ServiceAccount and mount it to the Pod, it should work fine without any additional permissions.
upvoted 0 times
...
Kyoko
1 year ago
No, you don't need to create any specific permissions or Role for the backend-sa ServiceAccount. It will automatically have the default permissions.
upvoted 0 times
...
...
Alethea
1 year ago
Haha, I bet the exam question is going to be something like, 'Which command do you use to list the Pods in the default namespace?' I'm already prepared for that one!
upvoted 0 times
Leota
1 year ago
Kayleigh: You use the kubectl command to list the Pods in the default namespace.
upvoted 0 times
...
Kayleigh
1 year ago
User 2: What is it?
upvoted 0 times
...
Jina
1 year ago
User 1: I think I know the answer to that question.
upvoted 0 times
...
...
Val
1 year ago
We should make sure that the Pod is able to list pods by mounting the backend-sa to the pod.
upvoted 0 times
...
Leontine
1 year ago
Sounds good to me. As long as we follow the instructions carefully, we should be able to get this done without any issues.
upvoted 0 times
Samira
1 year ago
User 4: Finally, verify that the pod is able to list pods and ensure that it is running.
upvoted 0 times
...
Kattie
1 year ago
User 3: Next, we need to create a new Pod named backend-pod and mount the backend-sa to it.
upvoted 0 times
...
Joanna
1 year ago
User 2: Make sure to grant it the capability to list pods in the default namespace.
upvoted 0 times
...
Sharika
1 year ago
User 1: Let's create a new ServiceAccount named backend-sa in the default namespace.
upvoted 0 times
...
...
Eva
1 year ago
Yes, and we also need to create a new Pod named backend-pod in the default namespace.
upvoted 0 times
...
Val
1 year ago
I think we need to create a new ServiceAccount named backend-sa in the default namespace.
upvoted 0 times
...
Norah
1 year ago
Okay, let's see if I understand this correctly. We need to create a new ServiceAccount named backend-sa in the default namespace, and then mount that ServiceAccount to a new Pod named backend-pod. The goal is to verify that the Pod can list the Pods in the default namespace.
upvoted 0 times
Camellia
1 year ago
Make sure to check that the Pod is running successfully.
upvoted 0 times
...
Elenor
1 year ago
After that, we can verify if the Pod is able to list the Pods in the default namespace.
upvoted 0 times
...
Carlota
1 year ago
Next, we need to create a Pod named backend-pod and mount the backend-sa ServiceAccount to it.
upvoted 0 times
...
Nieves
1 year ago
Let's start by creating the ServiceAccount backend-sa in the default namespace.
upvoted 0 times
...
Truman
1 year ago
Make sure to check that the Pod is running successfully.
upvoted 0 times
...
Santos
1 year ago
After that, we can verify if the Pod is able to list the Pods in the default namespace.
upvoted 0 times
...
Yuonne
1 year ago
Next, we need to create a Pod named backend-pod and mount the backend-sa ServiceAccount to it.
upvoted 0 times
...
Leatha
1 year ago
Let's start by creating the ServiceAccount backend-sa in the default namespace.
upvoted 0 times
...
...
