Linux Foundation Exam CKS Topic 1 Question 56 Discussion

Actual exam question for Linux Foundation's CKS exam

Question #: 56
Topic #: 1

[All CKS Questions]

Create a User named john, create the CSR Request, fetch the certificate of the user after approving it.

Create a Role name john-role to list secrets, pods in namespace john

Finally, Create a RoleBinding named john-role-binding to attach the newly created role john-role to the user john in the namespace john. To Verify:Use the kubectl auth CLI command to verify the permissions.

AExplanation:
se kubectl to create a CSR and approve it.
Get the list of CSRs:
kubectl get csr
Approve the CSR:
kubectl certificate approve myuser
Get the certificate
Retrieve the certificate from the CSR:
kubectl get csr/myuser -o yaml
here are the role and role-binding to give john permission to create NEW_CRD resource:
kubectl apply -f roleBindingJohn.yaml --as=john
rolebinding.rbac.authorization.k8s.io/john_external-rosource-rb created
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: john_crd
namespace: development-john
subjects:
- kind: User
name: john
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: crd-creation
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: crd-creation
rules:
- apiGroups: ['kubernetes-client.io/v1']
resources: ['NEW_CRD']
verbs: ['create, list, get']

Show Suggested Answer

Suggested Answer: A

by Lorrine at May 31, 2024, 08:15 AM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rosalia

1 months ago

As a Kubernetes admin, I'd be careful about approving random CSRs. Make sure you know who 'john' is and why they need those permissions before signing off!

upvoted 0 times

...

Haydee

1 months ago

Haha, I wonder if the developers who created the 'NEW_CRD' resource had a sense of humor when they named it. Anyway, this question looks straightforward enough.

upvoted 0 times

...

2 months ago

This is a great question that covers some important Kubernetes concepts. Creating a user, CSR, and then attaching permissions via a role and role binding is a common real-world task.

upvoted 0 times

Micah

6 minutes ago

User2: Get the list of CSRs with 'kubectl get csr'.

upvoted 0 times

...

Clay

2 days ago

User1: Use kubectl to create a CSR and approve it.

upvoted 0 times

...

Melodie

3 months ago

Yes, but the explanation provided gives a clear step-by-step guide. We just need to follow it carefully and verify the permissions using the kubectl auth CLI command.

upvoted 0 times

...

Helene

3 months ago

I agree, it seems like we need to create a CSR, fetch the certificate, and set up roles and role bindings. It's a lot to remember.

upvoted 0 times

...

Melodie

3 months ago

I think this question is quite challenging. I'm not sure if I remember all the steps correctly.

upvoted 0 times

...