I am having issue with CKA Mock Exam 3…I am trying to create a cluster role and . . .

Edmund Kueh:
I am having an issue with CKA Mock Exam 3…I am trying to create a cluster role and cluster role binding…YAML file is shown below…I am getting an error with Line 7…


OE:
Try pv instead of PV

Edmund Kueh:
I made a mistake at line 18…Typo…Fixed it…But I am now getting this error message

Edmund Kueh:
I want to attach my Cluster Role Binding to my Service Account…Under subjects.name, should the name be system:serviceaccounts:pvviewer or system:serviceaccount:pvviewer?

Edmund Kueh:
Is there any difference between serviceaccount vs serviceaccounts?

OE:
A service account is in the following format:

system:serviceaccount:<namespace>:<serviceaccountname>

You forgot the namespace.

Edmund Kueh:
@OE Even with namespace, it's not working

Edmund Kueh:
YAML file attached…

Md Ishaq R:
@Edmund Kueh check the 18th line {i name}, remove the i, and correctly align it as name

Edmund Kueh:
@Md Ishaq R Line 18 has been rectified…but it's still not working

OE:
First set PV to pv. There is no resource type named PV.

OE:
Also, always use the imperative commands to get valid YAML output and only modify what you need. I quickly recreated it and this was the corresponding YAML for the clusterrolebinding:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: null
  name: pvviewer-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pvviewer-role
subjects:
- kind: ServiceAccount
  name: pvviewer
  namespace: default

Edmund Kueh:
@OE Set to pv…but still getting the following error message

sharan:
@Edmund J Sutcliffe see, under resource you have to mention persistentvolumes. As per @OE, you can use imperative commands

sharan:

kubectl create clusterrolebinding add-on-cluster-admin \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:default

Tej_Singh_Rana:
I am not having any issue. It worked.

Tej_Singh_Rana:

controlplane $
controlplane $ kubectl create sa pvviewer
serviceaccount/pvviewer created
controlplane $ cat crs.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pvviewer-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pvviewer-role
subjects:
- kind: ServiceAccount
  name: pvviewer
  namespace: default
controlplane $ kubectl create -f crs.yaml
clusterrolebinding.rbac.authorization.k8s.io/pvviewer-role-binding created

Tej_Singh_Rana:

$ kubectl create clusterrole pvviewer-role --resource=pv --verb=list

Edmund Kueh:
@Tej @OE Thanks…I was following the documentation as shown below…Hence my YAML file for clusterrolebinding was wrong…How do I check which field needs to be included in the case of Service Account?

Tej_Singh_Rana:
It depends on the use cases. For service accounts:

- kind: ServiceAccount
  name: <sa-name>
  namespace: <namespace-name>