Question 1 · Cluster Architecture, Installation & Configuration
You need to verify that an RBAC ClusterRole has the correct permissions without applying it to the cluster. Which command allows dry-run inspection?
- kubectl apply -f clusterrole.yaml --dry-run=client to validate syntax
- kubectl auth can-i create deployments as user to test permissions
- kubectl describe clusterrole rolename to see permissions
- RBAC roles must be applied to test them; dry-run is not available
Correct answer: kubectl apply -f clusterrole.yaml --dry-run=client to validate syntax
The --dry-run=client flag validates the manifest without applying it. kubectl auth can-i tests actual permissions but requires the role to exist. kubectl describe shows existing roles. Dry-run is available for validation.





