[cka]kodekloud-service Accounts (마지막문제다시)

1. How many Service Accounts exist in the default namespace?

k get serviceaccounts

A) 1 

 

2.What is the secret token used by the default service account?

kubectl describe serviceaccount default

A) default-token-kqhgp

 

3. We just deployed the Dashboard application. Inspect the deployment. What is the image used by the deployment?

kubectl describe deployment

A) gcr.io/kodekloud/customimage/my-kubernetes-dashboard

 

4.Wait for the deployment to be ready. Access the custom-dashboard by clicking on the link to dashboard portal.

A) ok

 

5.What is the state of the dashboard? Have the pod details loaded successfully?

 

A) Failed

 

6.What type of account does the Dashboard application use to query the Kubernetes API?

A) Service Account

 

7.Which account does the Dashboard application use to query the Kubernetes API?

k describe serviceaccounts default

A) default

 답은 맞는데 풀이 방식이 맞나 ?

 

8.Inspect the Dashboard Application POD and identify the Service Account mounted on it.

A) default

 

9.At what location is the ServiceAccount credentials available within the pod?

 

A) /var/run/secrets

 

10.The application needs a ServiceAccount with the Right permissions to be created to authenticate to Kubernetes. The default ServiceAccount has limited access. Create a new ServiceAccount named dashboard-sa.

• Service Account Name: dashboard-sa

kubectl create serviceaccount dashboard-sa
k get serviceaccount

A) check

 

11.We just added additional permissions for the newly created dashboard-sa account using RBAC.

If you are interested checkout the files used to configure RBAC at /var/rbac. We will discuss RBAC in a separate section.

 

A) ok

 

12.Enter the access token in the UI of the dashboard application. Click Load Dashboard button to load Dashboard

Retrieve the Authorization token for the newly created service account , copy it and paste it into the token field of the UI.

To do this, run kubectl describe against the secret created for the dashboard-sa service account, copy the token and paste it in the UI.

A) ok

 

13.You shouldn't have to copy and paste the token each time. The Dashboard application is programmed to read token from the secret mount location. However currently, the default service account is mounted. Update the deployment to use the newly created ServiceAccount

Edit the deployment to change ServiceAccount from default to dashboard-sa

 

CheckCompleteIncomplete

• Deployment name: web-dashboard

• Service Account: dashboard-sa

• Deployment Ready

????