Q: 8
Create a new ServiceAccount named backend-sa in the existing namespace default, which has the
capability to list the pods inside the namespace default.
Create a new Pod named backend-pod in the namespace default, mount the newly created sa
backend-sa to the pod, and Verify that the pod is able to list pods.
Ensure that the Pod is running.
Your Answer
Discussion
Not just ServiceAccount, you need the Role and RoleBinding too or the pod can't actually list pods. Common mistake is thinking SA alone grants access, but RBAC defaults block that. Happened in similar practice questions.
Full YAML manifest with ServiceAccount, Role, RoleBinding, and Pod using serviceAccountName. That's the minimal set for scoped pod listing in default namespace.
Nah, not just serviceAccount alone. You need the Role (not ClusterRole) to avoid over-permissive access.
You don’t need ClusterRole here, just a Role with pods:list in default. Saw some practice where folks trip up and over-scope permissions. ServiceAccount gets permissions via RoleBinding, then Pod uses that SA to list pods. Pretty standard RBAC task.
backend-sa.yaml, that manifest covers all steps here.
backend-sa.yaml manifest does it. No explanation needed, that's the working solution.
Yep, backend-sa.yaml is it.
backend-sa.yaml including ServiceAccount, Role, RoleBinding, and Pod definition. No explanation needed for this one.
Doesn't need ClusterRole here, just a Role for pods:list. Some get tripped up by that.
Yeah, backend-sa.yaml. Manifest with ServiceAccount, Role, RoleBinding, and Pod all in default namespace does this.
Be respectful. No spam.
