Practice Drill

Create a role and a role-binding that gives a user named networker permissions to get and list the ingresses and network policies.

Practice Drill: Answer

Start by imperatively creating the role:


$ kubectl create role --verb get,list --resource ingresses,networkpolicy webdrillrole

role.rbac.authorization.k8s.io/webdrillrole created

$

Then create a rolebinding that binds the webdrillrole role to the networker user:

$ kubectl create rolebinding --user networker --role webdrillrole webdrillrolebinding

rolebinding.rbac.authorization.k8s.io/webdrillrolebinding created

$

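You can confirm this with kubectl auth can-i --as, which checks whether the networker user can perform get or list on ingresses and network policies. Because a role and its rolebinding apply only in the namespace where they were created, the same check against kube-system returns no: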

$ kubectl auth can-i get ingress --as networker

yes

$ kubectl auth can-i get ingress --as networker -n kube-system

no

$
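The same role and rolebinding written declaratively, as an added example that is not part of the original drill. It assumes the commands above ran in the default namespace and that the cluster serves both resources from the networking.k8s.io API group; the manifest makes explicit the namespace and API group that the imperative commands fill in for you.

```yaml
# Added example: declarative equivalent of the two imperative commands above.
# Assumption: the commands ran in the "default" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: webdrillrole
  namespace: default        # assumed; a Role grants nothing outside its namespace
rules:
- apiGroups: ["networking.k8s.io"]              # API group serving both resources
  resources: ["ingresses", "networkpolicies"]   # plural resource names
  verbs: ["get", "list"]                        # read-only: no create, update, delete or watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: webdrillrolebinding
  namespace: default        # must match the namespace of the Role it references
subjects:
- kind: User
  name: networker           # user name as presented by the cluster's authenticator
  apiGroup: rbac.authorization.k8s.io
roleRef:                    # immutable once created; delete and recreate to change it
  kind: Role
  name: webdrillrole
  apiGroup: rbac.authorization.k8s.io
```

Saved to a file, this can be applied with kubectl apply -f, and kubectl auth can-i --list --as networker then shows everything the user is allowed to do in the namespace.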

As a further exercise, create a second role that can create network policies and bind it to the same networker user.