Linux Foundation Exam CKS Topic 1 Question 26 Discussion

Actual exam question for Linux Foundation's Certified Kubernetes Security Specialist exam

Question #: 26
Topic #: 1

[All Certified Kubernetes Security Specialist Questions]

You can switch the cluster/configuration context using the following command:

[desk@cli] $kubectl config use-context qa

Context:

A pod fails to run because of an incorrectly specified ServiceAccount

Task:

Create a new service account named backend-qa in an existing namespace qa, which must not have access to any secret.

Edit the frontend pod yaml to use backend-qa service account

Note:You can find the frontend pod yaml at /home/cert_masters/frontend-pod.yaml

AExplanation:
[desk@cli] $k create sa backend-qa -n qa
sa/backend-qa created
[desk@cli] $k get role,rolebinding -n qa
No resources found in qa namespace.
[desk@cli] $k create role backend -n qa --resource pods,namespaces,configmaps --verb list
#No access to secret
[desk@cli] $k create rolebinding backend -n qa --role backend --serviceaccount qa:backend-qa
[desk@cli] $vim /home/cert_masters/frontend-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: frontend
spec:
serviceAccountName: backend-qa # Add this
image: nginx
name: frontend
[desk@cli] $k apply -f /home/cert_masters/frontend-pod.yaml
pod created
[desk@cli] $k create sa backend-qa -n qa
serviceaccount/backend-qa created
[desk@cli] $k get role,rolebinding -n qa
No resources found in qa namespace.
[desk@cli] $k create role backend -n qa --resource pods,namespaces,configmaps --verb list
role.rbac.authorization.k8s.io/backend created
[desk@cli] $k create rolebinding backend -n qa --role backend --serviceaccount qa:backend-qa
rolebinding.rbac.authorization.k8s.io/backend created
[desk@cli] $vim /home/cert_masters/frontend-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: frontend
spec:
serviceAccountName: backend-qa # Add this
image: nginx
name: frontend
[desk@cli] $k apply -f /home/cert_masters/frontend-pod.yaml
pod/frontend created

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
pod/frontend created
[desk@cli] $k apply -f /home/cert_masters/frontend-pod.yaml
pod/frontend created

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

Show Suggested Answer

Suggested Answer: A

by Izetta at Jun 27, 2022, 11:51 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!