Certified Kubernetes Administrator (CKA) Mock Exam Series - CKA Mock Exam 3 - Question : 12

#######Question : 12#######

A service account called deploy-cka19-trb is created in cluster1 along with a cluster role called deploy-cka19-trb-role. This role should have the permissions to get all the deployments under the default namespace. However, at the moment, it is not able to.

Find out what is wrong and correct it so that the deploy-cka19-trb service account is able to get deployments under default namespace.

##############

#####DOUBT#######

As it's mentioned in the question (role should have the permissions to get all the deployments under the default namespace), can we just create a rolebinding in the default namespace rather than creating a clusterrolebinding?

#####DOUBT#######

Hi Abhilash,

A service account called deploy-cka19-trb is created in cluster1 along with a cluster role called deploy-cka19-trb-role.
Because the setup resource is a cluster role, that’s why we need to create a ClusterRoleBinding.

Hi,

@raymond.baoly

Does the statement ‘the role should have the permissions to get all the deployments under the default namespace’ in the question imply that there is no issue if the created rolebinding is able to provide permissions in such a way that the service account could get all deployments cluster-wide but it should be able to get the deployments in the default namespace? If so, could you please explain a case when a “rolebinding” needs to be created referencing a “clusterrole”?

Hi,

That was my bad, I misunderstood. The answer is yes, we can create a RoleBinding for this case, and it will still work to pass the question. You can see the screenshot below.


Hi,

@raymond.baoly

Thanks for your response! It helped clear up my doubt. I really appreciate your help!
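
The RoleBinding-to-ClusterRole case discussed in this thread, as an added example that is not part of the original posts or the exam's own solution. It assumes the service account lives in the default namespace, uses a hypothetical binding name (deploy-cka19-trb-rb), and shows the ClusterRole rules as they are intended to look, not the lab's broken state.

```yaml
# Added example (not from the thread). Assumptions: the service account is in
# the default namespace; the binding name deploy-cka19-trb-rb is hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: deploy-cka19-trb-role
rules:
  - apiGroups: ["apps"]          # Deployments are served from the apps API group
    resources: ["deployments"]
    verbs: ["get"]
---
# A RoleBinding may reference a ClusterRole. The rules are reused, but the
# grant applies only inside the RoleBinding's own namespace (least privilege).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deploy-cka19-trb-rb      # hypothetical name
  namespace: default             # scope of the grant
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole              # reference the existing cluster role
  name: deploy-cka19-trb-role
subjects:
  - kind: ServiceAccount
    name: deploy-cka19-trb
    namespace: default           # assumption: namespace of the service account
# A ClusterRoleBinding with the same roleRef and subjects (and no
# metadata.namespace) would instead grant "get deployments" in every namespace.
#
# Checks to run after applying, impersonating the service account:
#   kubectl auth can-i get deployments -n default \
#     --as=system:serviceaccount:default:deploy-cka19-trb
#   kubectl auth can-i get deployments -n kube-system \
#     --as=system:serviceaccount:default:deploy-cka19-trb
```

With only this RoleBinding in place and no other binding for the account, the first check is allowed and the second is denied; with a ClusterRoleBinding both are allowed.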