Kubernetes - RBAC and Security
You need to grant a developer permission to create pods only in the 'development' namespace and view pods across all namespaces. Which RBAC objects should you create to achieve this?
A. Create a ClusterRole with 'create' pods permission and a Role with 'get' and 'list' pods permissions in the 'development' namespace, then bind both with ClusterRoleBindings.
B. Create a single Role with 'get', 'list', and 'create' pods permissions in the 'development' namespace and bind it with a RoleBinding.
C. Create a ClusterRole with 'get' and 'list' pods permissions and a Role with 'create' pods permission in the 'development' namespace, then bind the ClusterRole with a ClusterRoleBinding and the Role with a RoleBinding.
D. Create a ClusterRole with all permissions and bind it with a RoleBinding in the 'development' namespace.
Step-by-Step Solution
Solution:
  1. Step 1: Define a ClusterRole for cluster-wide read access

    Create a ClusterRole that allows 'get' and 'list' verbs on pods across all namespaces.
  2. Step 2: Define a Role for namespace-specific create access

    Create a Role in the 'development' namespace that allows 'create' verb on pods.
  3. Step 3: Bind the ClusterRole with a ClusterRoleBinding

    Bind the ClusterRole to the user or group with a ClusterRoleBinding to grant cluster-wide read permissions.
  4. Step 4: Bind the Role with a RoleBinding

    Bind the Role to the user or group with a RoleBinding scoped to the 'development' namespace to grant create permissions there.
  5. Final Answer:

    Create a ClusterRole with 'get' and 'list' pods permissions and a Role with 'create' pods permission in the 'development' namespace, then bind the ClusterRole with a ClusterRoleBinding and the Role with a RoleBinding. -> Option C
  6. Quick Check:

    ClusterRole for cluster-wide read + Role for namespace create [OK]
Quick Trick: Use ClusterRole for cluster-wide, Role for namespace-specific [OK]
Common Mistakes:
  • Using a single Role for cluster-wide permissions
  • Binding ClusterRole with RoleBinding instead of ClusterRoleBinding
  • Assigning create permission cluster-wide unintentionally
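
The four objects from Steps 1 to 4, written out as manifests. This is an added example, not part of the original quiz; the object names (`pod-reader`, `pod-creator`, and the two binding names) and the subject `dev-user` are assumptions.

```yaml
# Added example. All metadata.name values and the user "dev-user" are assumed.
# Step 1: ClusterRole with read-only verbs on pods (core API group is "").
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-reader
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
---
# Step 2: Role with 'create' on pods, scoped to the development namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-creator
  namespace: development
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create"]
---
# Step 3: ClusterRoleBinding makes the read rules apply in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pod-reader-dev-user
subjects:
  - kind: User
    name: dev-user
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# Step 4: RoleBinding grants 'create' only inside development.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-creator-dev-user
  namespace: development
subjects:
  - kind: User
    name: dev-user
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-creator
  apiGroup: rbac.authorization.k8s.io
```

After applying, `kubectl auth can-i create pods --as dev-user -n development` should answer `yes`, while the same check with `-n default` should answer `no`; `kubectl auth can-i list pods --as dev-user --all-namespaces` should answer `yes`.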
