CKA Mock Exam 2: Question 2 Misleading Task

michael.gonza.4283 · May 29, 2024, 10:51pm

I notice that in this question they want us to update the permissions for the service account to get pods ONLY in the default namespace. I updated the permissions for the cluster role but this will allow the service account to get all pods in all namespaces in the cluster. The only way to limit the permissions to one namespace would be to change the resources to role and role bindings. I ended up getting the question correct regardless of the service account allowed to get pods in all namespaces when using cluster role and cluster role bindings.

Can someone please advise on this?

Thank you!

rob_kodekloud · May 30, 2024, 1:00am

Yes, you are correct here: you’d need to swap out the clusterrolebinding for a rolebinding in namespace default. I’ve reported this to the lab team. This was wrong in the old version of UME, and it’s still wrong now.

michael.gonza.4283 · May 30, 2024, 6:06pm

Thank you for the quick turn around Rob! Is there a place where there are known bugs documented with the CKA mock labs? Just want to make sure I am not doing something wrong and the lab is marking it correct. Thanks again for your help.