0
0
Kubernetesdevops~20 mins

RoleBindings and ClusterRoleBindings in Kubernetes - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
RBAC Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
Difference between RoleBinding and ClusterRoleBinding

Which statement correctly describes the difference between a RoleBinding and a ClusterRoleBinding in Kubernetes?

ARoleBinding is deprecated; ClusterRoleBinding is the only supported binding type.
BRoleBinding grants permissions cluster-wide; ClusterRoleBinding grants permissions within a specific namespace.
CRoleBinding and ClusterRoleBinding both grant permissions only within a namespace but differ in API versions.
DRoleBinding grants permissions within a specific namespace; ClusterRoleBinding grants permissions cluster-wide.
Attempts:
2 left
💡 Hint

Think about the scope of permissions each binding type controls.

💻 Command Output
intermediate
1:30remaining
kubectl command output for RoleBinding listing

What is the output of the command kubectl get rolebindings -n dev if there is one RoleBinding named read-pods in the dev namespace?

Kubernetes
kubectl get rolebindings -n dev
A
NAME        ROLE                 AGE
read-pods   Role/read-pods-role   10d
B
NAME        CLUSTERROLE          AGE
read-pods   ClusterRole/read-pods 10d
CNo resources found in dev namespace.
Derror: the server doesn't have a resource type "rolebindings"
Attempts:
2 left
💡 Hint

Consider the resource type and namespace specified in the command.

Configuration
advanced
2:30remaining
Correct ClusterRoleBinding YAML for cluster-wide admin access

Which YAML snippet correctly creates a ClusterRoleBinding named cluster-admin-binding that grants the cluster-admin ClusterRole to the user alice?

A
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cluster-admin-binding
subjects:
- kind: User
  name: alice
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
B
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-admin-binding
subjects:
- kind: Group
  name: alice
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
C
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-admin-binding
subjects:
- kind: User
  name: alice
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
D
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-admin-binding
subjects:
- kind: User
  name: alice
roleRef:
  kind: Role
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
Attempts:
2 left
💡 Hint

Check the kind of binding, subject kind, and roleRef kind carefully.

Troubleshoot
advanced
2:00remaining
Error when creating RoleBinding with cluster-wide ClusterRole

You try to create a RoleBinding in namespace test that references the cluster-admin ClusterRole, but get an error. What is the most likely cause?

AThe namespace <code>test</code> does not exist.
BRoleBindings cannot reference ClusterRoles; only ClusterRoleBindings can.
CThe <code>cluster-admin</code> ClusterRole does not exist.
DRoleBinding subjects must be service accounts only.
Attempts:
2 left
💡 Hint

Think about the scope of RoleBindings and ClusterRoles.

🔀 Workflow
expert
3:00remaining
Sequence to grant namespace admin rights to a user

Arrange the steps in the correct order to grant a user named bob admin rights in the production namespace using Kubernetes RBAC.

A3,1,2,4
B1,3,2,4
C3,2,1,4
D2,1,3,4
Attempts:
2 left
💡 Hint

Think about prerequisites before creating resources and verifying access last.