Answers to Review Questions

Chapter 2, “Cluster Architecture, Installation, and Configuration”

  1. First, create the namespace named apps. Then, we’ll create the ServiceAccount:

    $ kubectl create namespace apps
$ kubectl create serviceaccount api-access -n apps

    Alternatively, you can use the declarative approach. Create the namespace from the definition in the file apps-namespace.yaml:

    apiVersion: v1
kind: Namespace
metadata:
  name: apps

    Create the namespace from the YAML file:

    $ kubectl create -f apps-namespace.yaml

    Create a new YAML file called api-serviceaccount.yaml with the following contents:

    apiVersion: v1
kind: ServiceAccount
metadata:
  name: api-access
  namespace: apps

    Run the create command to instantiate the ServiceAccount from the YAML file:

    $ kubectl create -f api-serviceaccount.yaml

  2. Use the create clusterrole command to create the ClusterRole imperatively:

    $ kubectl create clusterrole api-clusterrole --verb=watch,list,get \
  --resource=pods

    If you’d rather start with the YAML file, use content shown in the file api-clusterrole.yaml:

    apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: api-clusterrole
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["watch","list","get"]

    Create the ClusterRole from the YAML file:

    $ kubectl create -f api-clusterrole.yaml

    Use the create clusterrolebinding command to create the ClusterRoleBinding imperatively.

    $ kubectl create clusterrolebinding api-clusterrolebinding \
  --serviceaccount=apps:api-access --clusterrole=api-clusterrole ...

Get Certified Kubernetes Administrator (CKA) Study Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial