Jia:
- In mock3, while doing the psp question, we dont have any clusterrole etc for psp and for pod to access this psp, we needed roles based on lecture, why we dont need RBAC here ?
Apaar Sharma:
the admin user by default has acess to psp, the role binding is created for service accoounts so that deployments and replicationsets can also use psp.
Jia:
lectures and doc are not very clear
https://kubernetes.io/docs/concepts/policy/pod-security-policy/
@Vijin Palazhi @Mumshad Mannambeth Can you please explain, according to my understanding will psp work without rbac and how ? if not how did it work in mock exam 3
Jia:
the doc says
When a PodSecurityPolicy resource is created, it does nothing. In order to use it, the requesting user or target pod's service account must be authorized to use the policy, by allowing the use verb on the policy.
in our question, we have default serviceaccount mapped to this pod and this serviceaccount is not part of any clusterrolebing or rolebinding, it has limited permissions say nothing then how it can make use of this psp ?