0
0
Kubernetesdevops~10 mins

Why RBAC matters in Kubernetes - Test Your Understanding

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to create a Role that allows reading pods in a namespace.

Kubernetes
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["[1]"]
Drag options to blanks, or click blank then click option'
Aget
Bdelete
Ccreate
Dupdate
Attempts:
3 left
💡 Hint
Common Mistakes
Using verbs like delete or create which modify resources instead of reading.
2fill in blank
medium

Complete the code to bind the Role 'pod-reader' to a user named 'alice'.

Kubernetes
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods-binding
  namespace: default
subjects:
- kind: User
  name: [1]
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
Drag options to blanks, or click blank then click option'
Aalice
Bbob
Cadmin
Dsystem
Attempts:
3 left
💡 Hint
Common Mistakes
Using other user names not specified in the task.
3fill in blank
hard

Fix the error in the RoleBinding that incorrectly references a ClusterRole instead of a Role.

Kubernetes
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods-binding
  namespace: default
subjects:
- kind: User
  name: alice
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: [1]
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
Drag options to blanks, or click blank then click option'
AClusterRole
BServiceAccount
CUser
DRole
Attempts:
3 left
💡 Hint
Common Mistakes
Using ClusterRole in RoleBinding causes permission errors.
4fill in blank
hard

Fill both blanks to create a ClusterRole that allows listing and watching all pods across namespaces.

Kubernetes
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-list-watch
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["[1]", "[2]"]
Drag options to blanks, or click blank then click option'
Alist
Bwatch
Cdelete
Dcreate
Attempts:
3 left
💡 Hint
Common Mistakes
Including verbs like delete or create which change resources.
5fill in blank
hard

Fill all three blanks to create a RoleBinding that assigns the 'pod-list-watch' ClusterRole to a service account named 'monitor' in the 'monitoring' namespace.

Kubernetes
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: monitor-pods
  namespace: monitoring
subjects:
- kind: [1]
  name: [2]
  namespace: monitoring
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: [3]
  name: pod-list-watch
  apiGroup: rbac.authorization.k8s.io
Drag options to blanks, or click blank then click option'
AUser
Bmonitor
CClusterRole
DServiceAccount
Attempts:
3 left
💡 Hint
Common Mistakes
Using User instead of ServiceAccount or Role instead of ClusterRole.