The whole lab is about creating a new service account called my-service-account and creating a token for it, and then in question #4, you are required to give that service account the required permissions to do some actions on pods.
The problem:
The instructions in the questions, tells you to create a role binding and attach the role to a service account called default in default namespace instead of the service account created in the previous steps which is called my-service-account.
Once I attached the role to the service account I created and not the default one, the grader script passed properly.
So what needs to be done is to change this line:
- Subject: ServiceAccount
defaultin namespacedefault
to: - Subject: ServiceAccount
my-service-accountin namespacedefault
FYI