RBAC (Role-Based Access Control) is a key security feature in Kubernetes. What is its main purpose?
Think about security and permissions in Kubernetes.
RBAC controls user and service permissions, defining who can do what in the cluster.
Given the command below, what will be the result?
kubectl create rolebinding read-pods --clusterrole=view --user=alice --namespace=defaultCheck the command syntax and resource types.
The command creates a RoleBinding named 'read-pods' that binds the cluster role 'view' to user 'alice' in the 'default' namespace.
A user has a RoleBinding granting access to pods in namespace 'dev', but gets 'Forbidden' errors when listing pods. What could be the cause?
Consider namespace scope of RoleBindings and resources.
RoleBindings are namespace-scoped. If the RoleBinding is in a different namespace than the pods, the user won't have access.
Put these steps in the correct order to grant a service account read access to pods in the 'prod' namespace.
Think about creating resources before binding and usage.
You first create the ServiceAccount, then the Role, then bind them, and finally use the ServiceAccount in pods.
Choose the best RBAC practice to minimize security risks in a Kubernetes cluster.
Think about limiting access to reduce damage from mistakes or attacks.
Granting minimal permissions reduces the risk of accidental or malicious actions.