1. For the first few questions of this lab, you would have to inspect the existing ClusterRoles and ClusterRoleBindings that have been created in this cluster.
: 이번 cluster Roles 에 대한 개요 설명
A) ok
2.How many ClusterRoles do you see defined in the cluster?
k get clusterrole --no-header | wc -l
A) 69
3. How many ClusterRoleBindings exist on the cluster?
k get ClusterRoleBindings --no-headers | wc -l
A) 54
4. What namespace is the cluster-admin clusterrole part of?
k describe clusterrole cluster-admin
A) Cluster roles are cluster wide and not part of any namespace
5.What user/groups are the cluster-admin role bound to?
The ClusterRoleBinding for the role is with the same name.
kubectl describe clusterrolebinding cluster-admin
A) system:masters
6.What level of permission does the cluster-admin role grant? Inspect the cluster-admin role's privileges.
:: 확인 필요
A) perform ~~~
7.A new user michelle joined the team. She will be focusing on the nodes in the cluster. Create the required ClusterRoles and ClusterRoleBindings so she gets access to the nodes.
- Grant permission to access nodes
k create clusterrole michelle --verb=list --resource=node
k create clusterrolebinding michelle --clusterrole=michelle --user=michelle
A) ok
8.michelle's responsibilities are growing and now she will be responsible for storage as well. Create the required ClusterRoles and ClusterRoleBindings to allow her access to Storage.
Get the API groups and resource names from command kubectl api-resources. Use the given spec:
-
ClusterRole: storage-admin
-
Resource: persistentvolumes
-
Resource: storageclasses
-
ClusterRoleBinding: michelle-storage-admin
-
ClusterRoleBinding Subject: michelle
-
ClusterRoleBinding Role: storage-admin
# k create clusterrole storage-admin --resource=pv,sc --verb=create,list,delete --dry-run=client -o yaml > storageclasses.yaml
# k apply -f storageclasses.yaml
# k create clusterrolebinding michelle-storage-admin --clusterrole=storage-admin --user=michelle --dry-run=client -o yaml > michelle-storage-admin.yaml
# k apply -f michelle-storage-admin.yaml
A) ok
'cloud > k8s(문제풀이)' 카테고리의 다른 글
| [cka]kodekloud-Image Security (0) | 2022.06.29 |
|---|---|
| [cka]kodekloud-service Accounts (마지막문제다시) (0) | 2022.06.29 |
| [cka]kodekloud-Based Access controls (0) | 2022.06.28 |
| [cka]kodekloud-kubeconfig (마지막문제 ..) (0) | 2022.06.27 |
| [cka]kodekloud-certificates API (0) | 2022.06.27 |
