Security - Role Based Access Control Flashcards

1
Q

How do we link a user to a role?

A

Via another object: a RoleBinding (.yaml)
~~~
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: devuser-developer-binding
  # namespace: <namespace>  (set this if you want to limit what the binding applies to)
subjects:
- kind: User
  name: dev-user
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io
~~~
- create via kubectl
- RoleBindings are namespaced; the binding applies to the current namespace unless specified otherwise

1
Q

How do we create a role?

A

role.yaml:
~~~
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer
rules:
- apiGroups: [""]   # "" is the core API group
  resources: ["pods"]
  verbs: ["list", "get", "create", "update", "delete"]
- apiGroups: [""]
  resources: ["configmaps"]   # RBAC resource names are lowercase plural
  verbs: ["create"]
~~~

2
Q

How can you check whether or not you have access to a certain object + verb?

A

kubectl auth can-i create deployments

3
Q

How can you (as an admin) check whether a certain user can do specific things?

A

kubectl auth can-i create pods --as dev-user

4
Q

Where can you find the details about the kube-apiserver?

A

/etc/kubernetes/manifests/kube-apiserver.yaml

ps -aux | grep authorization

4
Q

With what command can you imperatively create a role binding?

A

k create rolebinding dev-user-binding --role=developer --user=dev-user

5
Q

What are Cluster Roles? Clusterrolebindings?

A
  • used for access to cluster-scoped resources
  • besides that, just like roles and rolebindings
6
Q

How can resources be differentiated in terms of scope?

A

Resources can be
- namespaced (pods, jobs, deployments, services, roles, …)
- cluster scoped (nodes, PV, clusterroles, namespaces, clusterrolebindings, …)

7
Q

What is the difference between namespaced and cluster-scoped resources?

A

Namespaced resources belong to a specific namespace; if none is specified, they go to the default namespace.

Cluster-scoped resources are available cluster-wide.

8
Q

What does a ClusterRole YAML look like?

A

Like a Role YAML, just with kind=ClusterRole

9
Q

Is it possible to define ClusterRoles for namespaced resources?

A

Yes, the access is then across all namespaces
