Gaurav Karki:
@Mumshad Mannambeth @Vijin Palazhi on the PSP lecture it was mentioned that the service account running the pod need access to psp object. However on the psp lab, i donot see any rolebidnings,clusterrolebindgins that gives access to the psp, yet we were able to create the pod. Am i missing anything?
root@controlplane:~# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: example-app
spec:
containers:
-
name: example-app
image: ubuntu
command: ["sleep" , "3600"]
securityContext:
privileged: false
runAsUser: 0
serviceAccount: test
serviceAccountName: test
volumes:
- name: data-volume
hostPath:
path: '/data'
type: Directory
root@controlplane:~#
root@controlplane:~# kubectl create -f pod.yaml
pod/example-app created
root@controlplane:~#root@controlplane:~# kubectl create -f pod.yaml
pod/example-app created
root@controlplane:~#root@controlplane:~# kubectl get clusterrole | grep -i test
root@controlplane:~# kubectl get role | grep -i test
No resources found in default namespace.
root@controlplane:~# kubectl get <http://clusterrolebindings.rbac.authorization.k8s.io|clusterrolebindings.rbac.authorization.k8s.io> | grep -i test
root@controlplane:~# kubectl get <http://rolebindings.rbac.authorization.k8s.io|rolebindings.rbac.authorization.k8s.io> | grep -i test
No resources found in default namespace.
root@controlplane:~# root@controlplane:~# kubectl get clusterrole | grep -i test
root@controlplane:~# kubectl get role | grep -i test
No resources found in default namespace.
root@controlplane:~# kubectl get <http://clusterrolebindings.rbac.authorization.k8s.io|clusterrolebindings.rbac.authorization.k8s.io> | grep -i test
root@controlplane:~# kubectl get <http://rolebindings.rbac.authorization.k8s.io|rolebindings.rbac.authorization.k8s.io> | grep -i test
No resources found in default namespace.
root@controlplane:~#