Practice Drill

Learn how to put the latest open source technology into practice with hands-on training, delivered by industry experts, aligned to your desired business outcomes

Create a role and a role-binding that gives a user named networker permissions to get and list the ingresses and network policies.

Practice Drill: Answer

Start by imperatively creating the role:

$ kubectl create role --verb get,list --resource ingresses,networkpolicy webdrillrole created


Then create a rolebinding that binds the webdrillrolle to the networker user:

$ kubectl create rolebinding --user networker --role webdrillrole webdrillrolebinding created


You can confirm this by using kubectl auth can-i --as and see if the networker user can perform get or list on ingress and network policy:

$ kubectl auth can-i get ingress --as networker


$ kubectl auth can-i get ingress --as networker -n kube-system



As another exercise, try to create another role that can create network policies and bind the role to the same networker user.