samith perera:
Regarding the cluster role creation question in Mock exam 3, how can we verify it?
I have tried with
kubectl auth can-i list pv --as=system:serviceaccount:default:pvviewer
which was not working.
Leo:
Works for me:
controlplane $ kubectl auth can-i list pv --as=system:serviceaccount:default:pvviewer
Warning: resource 'persistentvolumes' is not namespace scoped
yes
Leo:
controlplane $ kubectl describe clusterrole pvviewer-role
Name: pvviewer-role
Labels: <none>
Annotations: <none>
PolicyRule:
  Resources          Non-Resource URLs  Resource Names  Verbs
  persistentvolumes  []                 []              [list]
controlplane $
controlplane $
controlplane $ kubectl describe clusterrolebinding pvviewer-role-binding
Name: pvviewer-role-binding
Labels: <none>
Annotations: <none>
Role:
Kind: ClusterRole
Name: pvviewer-role
Subjects:
  Kind            Name      Namespace
  ServiceAccount  pvviewer  default
controlplane $
samith perera:
@Leo kubectl auth can-i list pv --as=system:serviceaccount:default:pvviewer
This command always returns yes for any action.