What is the difference between a ClusterRole and a Role?

  1. ClusterRole is cluster-scoped, Role is namespace-scoped ✓
  2. There is no difference
  3. ClusterRole has higher permissions than Role
  4. ClusterRole is for admins, Role is for users

Correct answer: ClusterRole is cluster-scoped, Role is namespace-scoped

Option A is correct because a Role in Kubernetes is namespace-scoped and can only grant permissions to resources within a single namespace, while a ClusterRole is cluster-scoped and can grant permissions to cluster-wide resources such as nodes and persistent volumes, as well as to namespaced resources across all namespaces. Option B is false; the two resource types have fundamentally different scopes. Option C conflates scope with permission level; a ClusterRole does not inherently have 'higher' permissions than a Role, it simply operates at a different scope. Option D is a common misconception; ClusterRoles and Roles are not tied to user categories such as admins versus regular users; the distinction is purely about resource scope.

Topic: · kubernetes, rbac, clusterrole, authorization

Practice Certified Kubernetes Administrator (CKA) Questions Free