Have one more doubt regarding the selection of resource while creating the clust . . .

Mayur Sharma:
Have one more doubt regarding the selection of resource while creating the clusterrole (or simple role). Do the question contain what resources we want to give access to? or it would be something like

michelle's responsibilities are growing and now she will be responsible for storage as well. Create the required ClusterRoles and ClusterRoleBindings to allow her access to Storage.

Though in lab, it is given the list of resources as well, can someone please confirm whether the list of resources would be given or we have to deduce it?
If we have to deduce it, then please share the documentation steps also. Thanks!

Fernando Jimenez:
Hi @Mayur Sharma
If there is not mention of what kind of authorization is allow for a user, there would not be any task to ask, therefore the resources that the user is authorized to, must be present.

Mayur Sharma:
@Fernando Jimenez Thanks for the clarification. I am able to solve most of the labs, but have few doubts like these.

One more thing if you could please clarify, would the exact name of the resource be given? like create roles for resource name persistentvolumes and storageclasses.

OR, the question would ask for storage roles (and we have to find the exact resource names for storage access)

Fernando Jimenez:
Allow user Mayur to create and list deployments in namespace development.
First you need to think what is it that I need in order to do that?
You need a role, and a rolebiding in the namespace development. You do not need clusterrole or clusterrole binding because that’s for cluster scope and here is just a namespace.
Now, you create the role with the resource deployments and the verbs create and list.

kubectl -n development create role mayur-role --resource="deploy" --verb="create,list"

After that you binding the user (presumably it exists like a certificate approved already) with the role.

kubectl -n development create rolebinding mayur-role-binding --role=mayur-role --user=mayur

Fernando Jimenez:
Yeah, the word storage there is a bit ambiguous, since there is not a resource named storage. There must be additional meaning behind, like what exactly storage might represent, like you said, PersistentVolume, PersistentVolumeClaim, StorageClass.

Fernando Jimenez:
In the actual test the tasks are clearer and specific.

Mayur Sharma:
@Fernando Jimenez Thanks a lot for the detailed explanation, it is crystal clear now. :slightly_smiling_face:

Yeah, for storage it was a bit confusion. now I remember persistentvolumes and storageclasses for storage access. :pray:

Mayur Sharma:
May I please ask you to share your views on below thread also …