Which command grants the image-puller role to service accounts from another OpenShift project?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Red Hat OpenShift Developer II DO288 Exam with our quizzes. Study with flashcards and multiple choice questions, each with hints and explanations. Get ready for your certification!

Multiple Choice

Which command grants the image-puller role to service accounts from another OpenShift project?

Explanation:
This is about granting cross-project image pull access using OpenShift RBAC. To let service accounts from another project pull images from a different project, you attach the built-in image-puller role to the group that represents those service accounts. The command to do this is to add a role to a group within the target project, specifying the group as system:serviceaccounts:<otherproject>. The -n <project> flag designates the project where this binding is created (the project whose image streams will be pulled from). So the command you’d use is: oc policy add-role-to-group -n <project> system:image-puller system:serviceaccounts:<otherproject>. This grants all service accounts in the other project the right to pull images from the target project. The other forms aren’t valid oc policy commands for this purpose: they don’t represent the correct subcommand to bind a role to a group, and thus wouldn’t accomplish cross-project image-puller access.

This is about granting cross-project image pull access using OpenShift RBAC. To let service accounts from another project pull images from a different project, you attach the built-in image-puller role to the group that represents those service accounts. The command to do this is to add a role to a group within the target project, specifying the group as system:serviceaccounts:. The -n flag designates the project where this binding is created (the project whose image streams will be pulled from). So the command you’d use is: oc policy add-role-to-group -n system:image-puller system:serviceaccounts:. This grants all service accounts in the other project the right to pull images from the target project.

The other forms aren’t valid oc policy commands for this purpose: they don’t represent the correct subcommand to bind a role to a group, and thus wouldn’t accomplish cross-project image-puller access.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy