Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Kubernetes > RBAC > Flashcards

RBAC Flashcards

1
Q

What subjects are there in kubernetes?

A

Users and groups, Service accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What command creates a service account?

A

kubectl create serviceaccount $SA_NAME

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What gets created along with service accounts?

A

Nothing, before kubernetes 1.24 service accounts would automatically create a secret. Now the secret can either be created manually with “kubectl create token (sa name)” or by specifying a service account in a pod yaml file specs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Where can you find the ca.crt and ca.key files for the kubernetes certificate authoraty

A

/etc/kubernetes/pki

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the default roles?

A

cluster-admin - has access to everything
admin - has access to everything in a namespace
edit - Has access to all resources except roles and rolebindings in a namespace
view - has access to all resources except roles, rolebindings and secrets in a namespace

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What command creates a role with list,get and watch access to pods deployments and services?

A

kubectl create role a-role –verb=list,get,watch –resource=pods,deployments,services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What command creates a role binding that bind a-role and johndoe

A

kubectl create rolebinding a-rolebinding –role=a-role –user=johndoe

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Can a clusterrole aggregate existing clusterroles rules, how is the yaml file syntax for that?

A

apiVersion: rbac.authorization.k8s.io/v1
kind:ClusterRole
metadata:
name: example
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac-pod-list: “true”
- matchLabels:
rbac-service-delete: “true
rules: []

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How can you check the if a user johndoe can list pods?

A

kubectl auth can-i (verb) (resource) –as (subject)
kubectl auth can-i list pods –as johndoe

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How can you get the secret token value of serviceaccount a-sa?

A

This is done in 3 steps:
1st get the secret name associated with the service account
Secretname =$(k get sa a-sa -o jsonpath=”{.secrets[0].name}”)
2. Then get the secret value
Secretvalue=$(k get secret $secretname -o jsonpath=”{.data.token}”)
3rd decode the value
Echo $secretvalue | base64 –decode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How can you view the contexts?

A

kubectl config get-contexts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the difference between the following commands:
1 - “k create rolebinding pipeline-binding1 –serviceaccount ns1:pipeline –clusterrole pipeline-role”
2 - “k -n ns1 create rolebinding pipeline-binding1 –serviceaccount ns1:pipeline –clusterrole pipeline-role”

A

The first command allows the permissions of cluster role pipeline-role to be done by sa ns1:pipeline on the default namespace. The second command does the same but on the ns1 namespace.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Kubernetes (14 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions