Regarding cluster role creation question in Mock exam 3, How can we verify it ? . . .

samith perera:
regarding cluster role creation question in Mock exam 3, How can we verify it ?
I have tried with
kubectl auth can-i list pv --as=system:serviceaccount:default:pvviewer

which was not working.

Leo:
works for me – > controlplane $ kubectl auth can-i list pv --as=system:serviceaccount:default:pvviewer
Warning: resource ‘persistentvolumes’ is not namespace scoped
yes

Leo:
controlplane $ kubectl describe clusterrole pvviewer-role
Name: pvviewer-role
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs


persistentvolumes [] [] [list]
controlplane controlplane
controlplane $ kubectl describe clusterrolebinding pvviewer-role-binding
Name: pvviewer-role-binding
Labels: <none>
Annotations: <none>
Role:
Kind: ClusterRole
Name: pvviewer-role
Subjects:
Kind Name Namespace


ServiceAccount pvviewer default
controlplane $

samith perera:
@Leo kubectl auth can-i list pv --as=system:serviceaccount:default:pvviewer

this command always return yes for any action