U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Linux Foundation CKS Exam - Topic 1 Question 26 Discussion

You can switch the cluster/configuration context using the following command:[desk@cli] $kubectl config use-context qaContext:A pod fails to run because of an incorrectly specified ServiceAccountTask:Create a new service account named backend-qa in an existing namespace qa, which must not have access to any secret.Edit the frontend pod yaml to use backend-qa service accountNote:You can find the frontend pod yaml at /home/cert_masters/frontend-pod.yaml
A) Explanation: [desk@cli] $k create sa backend-qa -n qa sa/backend-qa created [desk@cli] $k get role,rolebinding -n qa No resources found in qa namespace. [desk@cli] $k create role backend -n qa --resource pods,namespaces,configmaps --verb list #No access to secret [desk@cli] $k create rolebinding backend -n qa --role backend --serviceaccount qa:backend-qa [desk@cli] $vim /home/cert_masters/frontend-pod.yaml apiVersion: v1 kind: Pod metadata: name: frontend spec: serviceAccountName: backend-qa # Add this image: nginx name: frontend [desk@cli] $k apply -f /home/cert_masters/frontend-pod.yaml pod created [desk@cli] $k create sa backend-qa -n qa serviceaccount/backend-qa created [desk@cli] $k get role,rolebinding -n qa No resources found in qa namespace. [desk@cli] $k create role backend -n qa --resource pods,namespaces,configmaps --verb list role.rbac.authorization.k8s.io/backend created [desk@cli] $k create rolebinding backend -n qa --role backend --serviceaccount qa:backend-qa rolebinding.rbac.authorization.k8s.io/backend created [desk@cli] $vim /home/cert_masters/frontend-pod.yaml apiVersion: v1 kind: Pod metadata: name: frontend spec: serviceAccountName: backend-qa # Add this image: nginx name: frontend [desk@cli] $k apply -f /home/cert_masters/frontend-pod.yaml pod/frontend created https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ pod/frontend created [desk@cli] $k apply -f /home/cert_masters/frontend-pod.yaml pod/frontend created https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

Linux Foundation CKS Exam - Topic 1 Question 26 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 26
Topic #: 1
[All CKS Questions]

You can switch the cluster/configuration context using the following command:

[desk@cli] $kubectl config use-context qa

Context:

A pod fails to run because of an incorrectly specified ServiceAccount

Task:

Create a new service account named backend-qa in an existing namespace qa, which must not have access to any secret.

Edit the frontend pod yaml to use backend-qa service account

Note:You can find the frontend pod yaml at /home/cert_masters/frontend-pod.yaml

Show Suggested Answer Hide Answer
Suggested Answer: A

Contribute your Thoughts:

0/2000 characters
Buck
7 months ago
I thought you could just add permissions later if needed?
upvoted 0 times
...
Ellen
8 months ago
Agreed, but it's a good security practice!
upvoted 0 times
...
Moon
8 months ago
Wait, why can't it access secrets? Seems limiting.
upvoted 0 times
...
Kizzy
8 months ago
Nice! That role binding looks good too.
upvoted 0 times
...
Izetta
8 months ago
Just created a service account named backend-qa in the qa namespace.
upvoted 0 times
...
Emiko
8 months ago
I definitely remember editing the pod YAML to set the service account, but I hope I don't forget to apply the changes afterward!
upvoted 0 times
...
Eun
8 months ago
I feel like I might have mixed up the permissions for the role. I know we need to exclude secrets, but did I get the verbs right?
upvoted 0 times
...
Tammy
8 months ago
I practiced something similar last week, but I can't recall if I need to specify the namespace in the rolebinding command.
upvoted 0 times
...
Francene
9 months ago
I think I remember that creating a service account is done with `kubectl create sa`, but I'm not sure about the exact syntax for the role and rolebinding.
upvoted 0 times
...
Lauran
9 months ago
Hmm, I'm a bit unsure about this one. I know the SIP domain is important for SIP trunking, but I can't quite remember where it needs to be configured in the SAT forms.
upvoted 0 times
...
Maryann
9 months ago
I'm pretty sure this is asking about use case development, so the answer is probably related to the types of tests or scenarios that come out of that process. I'm leaning towards "Scenarios" as the best answer.
upvoted 0 times
...
Veronika
9 months ago
Okay, let me see. I think the key here is that the question is asking about a hotel plan that includes both the room and all meals. Based on that, I'm going to go with "inclusive plan".
upvoted 0 times
...

Save Cancel