Certified Kubernetes Administrator (CKA) Practice Test

Binding a service account to a cluster role with namespace limitations is accomplished through the use of a RoleBinding. A RoleBinding grants permissions defined in a Role within a specific namespace to a user, group, or service account. This means that the permissions are restricted to that namespace, which is essential for controlling access and following the principle of least privilege.

In contrast, a ClusterRoleBinding applies cluster-wide permissions, which are not limited to a specific namespace. Therefore, while a ClusterRole could define the permissions, using a ClusterRoleBinding does not provide the necessary namespace limitations.

The option to use the `kubectl bind` command is not applicable, as there is no such command directly available in kubectl; bindings must be explicitly created through RoleBinding or ClusterRoleBinding resources.

Finally, modifying the service account directly does not involve creating a RoleBinding or ClusterRoleBinding, thereby failing to appropriately assign or manage permissions on a namespace level. It's crucial to use the correct binding mechanism to ensure that permissions are assigned in accordance with the intended scope of access.