I’d like to know why the question’s right answer use apigroups: [“*”], which means “all”, but for namespaces resource apigroups: “” isn’t enough?
also why using the “–context cluster1” for the edit, isn’t it useless since the binding is already clusterwise?
thanks
Is this mock 1 in the mocks section at the end of the CKA course, or mock 1 in the Ultimate CKA mock exams (separate course)?
sorry, CKA mock exams separate course
apiGroups: "" is incorrect because apiGroups must be a list, not a single string.
student-node ~ ➜ k explain clusterrole.rules.apiGroups
GROUP: rbac.authorization.k8s.io
KIND: ClusterRole
VERSION: v1
FIELD: apiGroups <[]string>
DESCRIPTION:
APIGroups is the name of the APIGroup that contains the resources. If
multiple API groups are specified, any action requested against one of the
enumerated resources in any API group will be allowed. "" represents the
core API group and "*" represents all API groups.
apiGroups <[]string> - this means that the field apiGroups is a list (indicated by []) of strings
What is correct is either (block style)
apiGroups:
- ""
or (flow style)
apiGroups: [ "" ]
because both of these are a list containing a single entry ""
Be sure to understand all the nuances of YAML.
yes, so if i do (in my first post i forgot the dash, but it was in my answer since i’ve used the kubectl imperative command to generate the yaml, and i’ve also tested with “k auth can-i”):
apigroups:
- “”
is legit, since “namespaces” is related to core api, putting an asterisk is not the most precise way, because it’s too broad.
So then why the answer points to asterisk?
Both are technically correct. * means all apiGroups, however namespaces exists only in core, so whether it is "" or *, the access is the same with only namespaces listed as a resource. Agreed the answer probably shouldn’t put *
Ok thanks i want only confirmation…i’m approaching CKA exam and I want to be super sure of everything! 