Complete the code to create a Role that allows reading pods in a namespace.
apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: pod-reader rules: - apiGroups: [""] resources: ["pods"] verbs: ["[1]"]
The verb get allows reading pod details in the namespace.
Complete the code to create a ClusterRole that allows listing all nodes.
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: node-lister rules: - apiGroups: [""] resources: ["[1]"] verbs: ["list"]
The resource nodes represents all nodes in the cluster, which ClusterRole can list.
Fix the error in the Role binding to bind the Role 'pod-reader' to user 'alice'.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: read-pods-binding
namespace: default
subjects:
- kind: User
name: alice
roleRef:
kind: [1]
name: pod-reader
apiGroup: rbac.authorization.k8s.ioThe roleRef.kind must match the kind of role being referenced. Here, it is a Role, not a ClusterRole.
Fill both blanks to create a ClusterRole that allows creating and deleting services.
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: service-manager rules: - apiGroups: [""] resources: ["services"] verbs: ["[1]", "[2]"]
The verbs create and delete allow managing services by adding and removing them.
Fill all three blanks to create a Role that allows updating deployments and listing pods in a namespace.
apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: production name: deploy-manager rules: - apiGroups: ["apps"] resources: ["[1]"] verbs: ["[2]"] - apiGroups: [""] resources: ["[3]"] verbs: ["list"]
This Role allows updating deployments in the 'apps' API group and listing pods in the core API group.