0
0
Kubernetesdevops~20 mins

Service accounts in Kubernetes - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Service Account Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
1:30remaining
Output of listing service accounts in a namespace
What is the output of the following command when run in a namespace with two service accounts named default and custom-sa?
Kubernetes
kubectl get serviceaccounts
A
NAME        SECRETS   AGE
custom-sa   1         5d
default     1         10d
B
serviceaccounts/default created
serviceaccounts/custom-sa created
C
NAME        AGE
custom-sa   5d
default     10d
D
NAME        SECRETS
custom-sa   1
default     1
Attempts:
2 left
💡 Hint
Use kubectl get serviceaccounts to list all service accounts with their secrets and age.
🧠 Conceptual
intermediate
1:00remaining
Purpose of Kubernetes service accounts
Which option best describes the main purpose of a Kubernetes service account?
ATo manage network policies between pods in different namespaces.
BTo store configuration files for pods to use during startup.
CTo provide an identity for processes running in pods to access the Kubernetes API securely.
DTo schedule pods onto specific nodes based on resource availability.
Attempts:
2 left
💡 Hint
Think about how pods authenticate to the Kubernetes API server.
Configuration
advanced
2:00remaining
Correct YAML for creating a service account
Which YAML snippet correctly creates a service account named my-service-account in the production namespace?
A
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  namespace: production
B
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  labels:
    namespace: production
C
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  namespace: prod
D
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
namespace: production
Attempts:
2 left
💡 Hint
Namespace must be under metadata and spelled exactly as 'production'.
Troubleshoot
advanced
1:30remaining
Reason for pod failing to access Kubernetes API with service account
A pod using a service account custom-sa cannot access the Kubernetes API and gets a 403 Forbidden error. What is the most likely cause?
AThe pod is running in the wrong namespace.
BThe pod specification is missing the <code>serviceAccountName</code> field.
CThe Kubernetes API server is down.
DThe service account <code>custom-sa</code> does not have the necessary Role or ClusterRole bindings.
Attempts:
2 left
💡 Hint
Check if the service account has permissions assigned via roles.
🔀 Workflow
expert
2:30remaining
Order of steps to create and use a service account in a pod
Arrange the steps in the correct order to create a service account and use it in a pod.
A1,2,3,4
B1,3,2,4
C3,1,2,4
D2,1,3,4
Attempts:
2 left
💡 Hint
Permissions must be granted before the pod uses the service account.