tim heaney:
Hi folks,
I am struggling with the the answer to Q10 of the RBAC chapter within the Security section. The question suggests that there is something wrong with the Role, particularly the resourceName, however, I can’t find the issue. Help! Many thanks and well-wishes as you progress smartly towards your CKA!
Fernando Jimenez:
controlplane $ kubectl auth can-i get pod/dark-blue-app -n blue --as=dev-user
no
As you can see in the above command, the user dev-user
can not get the pod dark-blue-app
controlplane $ kubectl -n blue get role
NAME CREATED AT
developer 2021-05-18T18:56:55Z
The task is to edit the role developer
to allow user dev-user
to get pod
dark-blue-app
Modify to match:
rules:
- apiGroups:
- ""
resourceNames:
- blue-app
- dark-blue-app
Issuing the command:
controlplane $ kubectl -n blue edit role developer
Abhijit Shinde:
very nicely explained…