Question
Create a new ClusterRole named deploy-clusterrole, which only allows us to deploy the following resource types: Deployment, StatefulSet, DaemonSet.
Create a new ServiceAccount named cicd in the existing namespace app1. Bind the new ClusterRole deploy-clusterrole to the new ServiceAccount cicd, limited to the namespace app1.
Answer
Generate the ClusterRole manifest with a client-side dry run and inspect it:
kubectl create clusterrole deploy-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets --dry-run=client -o yaml
After inspection, run the imperative command to create it:
kubectl create clusterrole deploy-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets
Create ServiceAccount in the app1 namespace:
kubectl -n app1 create sa cicd
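Next, bind the ClusterRole to the ServiceAccount. The task limits the permission to the namespace app1, so create a RoleBinding in app1 that references the ClusterRole; a ClusterRoleBinding would grant it in every namespace:
kubectl -n app1 create rolebinding deploy-clusterrole-binding --clusterrole=deploy-clusterrole --serviceaccount=app1:cicd
Verify:
kubectl -n app1 describe rolebinding deploy-clusterrole-binding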
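Describing the binding shows what was configured, not what the API server will actually allow. The script below is an added example, not part of the original answer: it impersonates the ServiceAccount with kubectl auth can-i and checks both the allowed and the denied cases. The function names, the use of the default namespace as the "other" namespace, and the choice of denied verbs and resources are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: least-privilege check for ServiceAccount cicd in app1.
# Requires permission to impersonate (kubectl --as).
SA="system:serviceaccount:app1:cicd"

# expect <yes|no> <namespace> <verb> <resource>
# Returns 0 when the API server's answer matches the expectation.
expect() {
    e_want=$1; e_ns=$2; e_verb=$3; e_res=$4
    # can-i prints "yes" or "no" and exits non-zero on "no",
    # so the exit status is ignored and the printed answer compared.
    e_got=$(kubectl auth can-i "$e_verb" "$e_res" --as="$SA" -n "$e_ns" 2>/dev/null || true)
    if [ "$e_got" = "$e_want" ]; then
        echo "ok   $e_verb $e_res in $e_ns: $e_got"
    else
        echo "FAIL $e_verb $e_res in $e_ns: got '$e_got', want '$e_want'"
        return 1
    fi
}

# Returns 0 only if cicd can create the three workload types in app1
# and nothing else that is probed here.
check_cicd_scope() {
    rc=0
    for r in deployments statefulsets daemonsets; do
        expect yes app1    create "$r" || rc=1   # what the task allows
        expect no  default create "$r" || rc=1   # other namespace (assumed: default)
        expect no  app1    delete "$r" || rc=1   # verb that was not granted
    done
    expect no app1 create pods || rc=1           # resource that was not granted
    expect no app1 get secrets || rc=1
    return $rc
}

# Set CHECK_NOW=1 to run the checks against the current kubectl context.
if [ "${CHECK_NOW:-0}" = 1 ]; then
    check_cicd_scope
fi
```

A FAIL line for the default namespace means the permission was granted cluster-wide rather than only in app1.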