[Solved] You applied this YAML to create a RoleBinding: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: read-pods subjects: - kind: User name: bob roleRef: kind: Role name:... | Kubernetes

Kubernetes - RBAC and Security

You applied this YAML to create a RoleBinding:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
subjects:
- kind: User
  name: bob
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

But bob cannot list pods in the namespace. What is the likely problem?

AThe <code>subjects</code> field is missing <code>apiGroup</code> for the user.

BThe <code>roleRef</code> kind should be <code>ClusterRole</code> instead of <code>Role</code>.

CThe RoleBinding must be created in the kube-system namespace.

DThe user <code>bob</code> does not exist in Kubernetes.

Step-by-Step Solution

Solution:

Step 1: Check subjects field completeness
The subjects entry for user bob lacks the required apiGroup field, which is needed to identify the user correctly.
Step 2: Understand impact of missing apiGroup
Without apiGroup, Kubernetes cannot match the user to the RoleBinding, so permissions are not granted.
Final Answer:
Missing apiGroup in subjects causes permission failure. -> Option A
Quick Check:
Subjects need apiGroup for user binding [OK]

Quick Trick: Always include apiGroup in subjects for users [OK]

Common Mistakes:

Omitting apiGroup in subjects
Confusing Role and ClusterRole in roleRef
Assuming namespace or user existence is the problem

Master "RBAC and Security" in Kubernetes

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More Kubernetes Quizzes

You applied this YAML to create a RoleBinding:

Step 1: Check subjects field completeness

Step 2: Understand impact of missing apiGroup

Final Answer:

Quick Check:

Want More Practice?