Linux Foundation CKS Exam - Topic 1 Question 56 Discussion
Create a User named john, create the CSR Request, fetch the certificate of the user after approving it.Create a Role name john-role to list secrets, pods in namespace johnFinally, Create a RoleBinding named john-role-binding to attach the newly created role john-role to the user john in the namespace john.
To Verify:Use the kubectl auth CLI command to verify the permissions.
A) Explanation:
se kubectl to create a CSR and approve it.
Get the list of CSRs:
kubectl get csr
Approve the CSR:
kubectl certificate approve myuser
Get the certificate
Retrieve the certificate from the CSR:
kubectl get csr/myuser -o yaml
here are the role and role-binding to give john permission to create NEW_CRD resource:
kubectl apply -f roleBindingJohn.yaml --as=john
rolebinding.rbac.authorization.k8s.io/john_external-rosource-rb created
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: john_crd
namespace: development-john
subjects:
- kind: User
name: john
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: crd-creation
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: crd-creation
rules:
- apiGroups: ['kubernetes-client.io/v1']
resources: ['NEW_CRD']
verbs: ['create, list, get']
Kenneth
7 months agoDenise
7 months agoAnastacia
7 months agoTommy
7 months agoRomana
8 months agoWillard
8 months agoMee
8 months agoRosalyn
8 months agoUlysses
8 months agoTheola
8 months agoKimbery
8 months agoCory
8 months agoDiego
8 months agoNan
9 months agoVeronika
9 months agoCarman
9 months agoRosalia
1 year agoHaydee
1 year agoAvery
1 year agoGilbert
12 months agoKiley
1 year agoPearly
1 year agoLayla
1 year agoSamira
1 year agoFlorinda
12 months agoMicah
12 months agoClay
12 months agoMelodie
1 year agoHelene
1 year agoMelodie
1 year ago