ITGSS Certified DevOps Engineer Practice Test

What does Kubernetes automatically create when creating a Pod?

• A. Service account Secret
• B. Cluster role binding
• C. Deployment object
• D. ConfigMap

The correct answer is: Service account Secret

When a Pod is created in Kubernetes, it is automatically associated with a service account. A service account provides an identity for processes that run in a Pod, enabling them to interact with the Kubernetes API while also maintaining security boundaries. Specifically, Kubernetes generates a default service account named "default" in the same namespace as the Pod, which is linked to that Pod unless a specific service account is specified in the Pod's configuration. Along with the service account, Kubernetes also generates a Secret associated with that service account. This Secret contains tokens and other information that the Pod can use to authenticate with the Kubernetes API and other services securely. This implicit creation of a service account and its accompanying Secret is fundamental to the Kubernetes security model, ensuring that Pods have the necessary credentials to operate within the cluster while limiting access where appropriate. On the other hand, the other options listed do not automatically occur when a Pod is created. For instance, a cluster role binding, which grants permissions to a service account or a user, requires manual configuration. Similarly, Deployment objects are used to manage the deployment of Pods and need to be explicitly defined by users. ConfigMaps, which store non-confidential data in key-value pairs and are used for configuration settings, must also be manually created