Fix Broken Pod ServiceAccount

In namespace monitoring, Pod metrics-pod is using ServiceAccount wrong-sa and receiving authorization errors. Multiple ServiceAccounts, Roles, and RoleBindings already exist in the namespace:…

Solve this on a real cluster — free → All CKAD tasks

🗓️ Free Task of the Week: one CKAD task is unlocked free for everyone every week — no card, real cluster, auto-graded (2 tries/week). Create a free account and check whether this one is live now.

The task

Task

In namespace monitoring, Pod metrics-pod is using ServiceAccount wrong-sa and receiving authorization errors.

Multiple ServiceAccounts, Roles, and RoleBindings already exist in the namespace:

ServiceAccounts: monitor-sa, wrong-sa, admin-sa
Roles: metrics-reader, full-access, view-only
RoleBindings: monitor-binding, admin-binding

Requirements

Identify which ServiceAccount/Role/RoleBinding combination has the correct permissions
Update Pod metrics-pod to use the correct ServiceAccount
Verify the Pod stops showing authorization errors

Hint: Check existing RoleBindings to see which ServiceAccount is bound to which Role.

Exam

CKAD

Domain

Application Environment, Configuration and Security

Grading

Programmatic · partial credit

Reference

Kubernetes docs ↗

What this tests

Wire up configmaps, secrets, service accounts, RBAC, securityContext, and resource limits. On the CKAD exam, Application Environment, Configuration and Security tasks are graded purely on what you build in the cluster — not multiple choice — so the only way to get faster is to do them on a real cluster against a clock.

Practice it for real

prepium.sh drops you into your own isolated Kubernetes cluster in the browser — no install, no credit card. You solve the task in a real terminal, hit validate, and a programmatic checker scores exactly what you got right and wrong (with partial credit). The canonical solution unlocks after you attempt it, so you learn the fast, exam-ready way to do it.

Start free → CKAD overview