Oracle Cloud Infrastructure 2020 Architect Associate — Question 25
You developed a microservices based application that runs on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). You want to provide access to this cluster to other team members.
What should you do to provide access to this cluster using as fewest steps as possible?
Answer options
- A. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Other team members should use OCI Cloud Shell to generate the kubeconfig into their own cloud shell environment and access the cluster using kubectl from cloud shell.
- B. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Create individual users and access token for each team member. Other team members should use OCI Cloud Shell to generate the kubeconfig into their own cloud shell environment and access the cluster using kubectl from cloud shell.
- C. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Create a cluster role and cluster role binding to provide access to the cluster for each team member. Other team members should install oci cli and kubectl locally on their laptop. Use the oci cli to generate the kubeconfig and use kubectl to access the cluster.
- D. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Other team members should install oci cli and kubectl locally on their laptop. Use the oci cli to generate the kubeconfig and use kubectl to access the cluster.
Correct answer: B
Explanation
Option B is correct because it allows for individual access tokens, providing a secure and manageable way for each team member to access the OKE cluster using their own credentials. Options A and D lack the individual access tokens, which can complicate access management. Option C introduces unnecessary complexity by requiring cluster roles and bindings, which are not needed when using access tokens.