1.Inspect the environment and identify the authorization modes configured on the cluster.
Check the kube-apiserver settings.
k describe pod kube-apiserver-controlplane -n kube-system
A) Node, RBAC
2. How many roles exist in the default namespace?
k get roles
A) 0
3.How many roles exist in all namespaces together?
kubectl get roles -A
A) 12
4. What are the resources the kube-proxy role in the kube-system namespace is given access to?
kubectl describe role kube-proxy -n kube-system
A) configmaps
5.What actions can the kube-proxy role perform on configmaps?
kubectl describe role kube-proxy -n kube-system
A) get
6. Which of the following statements are true?
A) kube-proxy role can get details of configmap object by the name kube-proxy only
7. Which account is the kube-proxy role assigned to?
kubectl describe rolebinding kube-proxy -n kube-system
A) Group: system:bootstrappers:kubeadm:default-node-toke
8.A user dev-user is created. User's details have been added to the kubeconfig file. Inspect the permissions granted to the user. Check if the user can list pods in the default namespace.
Use the --as dev-user option with kubectl to run commands as the dev-user.
kubectl get pods --as dev-user
A) dev-user does not have permissions to list pods
9.Create the necessary roles and role bindings required for the dev-user to create, list and delete pods in the default namespace.
Use the given spec:
-
Role: developer
-
Role Resources: pods
-
Role Actions: list
-
Role Actions: create
-
Role Actions: delete
-
RoleBinding: dev-user-binding
-
RoleBinding: Bound to dev-user
k create role developer --namespace=default --verb=list,create,delete --resource=pods
k create rolebinding dev-user-binding --namespace=default --role=developer --user=dev-user
10. A set of new roles and role-bindings are created in the blue namespace for the dev-user. However, the dev-user is unable to get details of the dark-blue-app pod in the blue namespace. Investigate and fix the issue.
We have created the required roles and rolebindings, but something seems to be wrong.
- Issue Fixed
k edit roles developer -n blue
11.Add a new rule in the existing role developer to grant the dev-user permissions to create deployments in the blue namespace.
Remember to add api group "apps".
- Permission added to create deployment
k edit role developer
k create rolebinding developer-binding --namespace=blue --user=dev-user --role=developer
'cloud > k8s(문제풀이)' 카테고리의 다른 글
| [cka]kodekloud-service Accounts (마지막문제다시) (0) | 2022.06.29 |
|---|---|
| [cka] kodekloud-cluster Roles (0) | 2022.06.28 |
| [cka]kodekloud-kubeconfig (마지막문제 ..) (0) | 2022.06.27 |
| [cka]kodekloud-certificates API (0) | 2022.06.27 |
| [cka]kodekloud-CERTIFICATE DETAILS (0) | 2022.06.27 |
