K8s_Member:
Hi there,
I know the way to double check my serviceAccount permission like this
kubectl auth can-i <verb> <resource> --as=system:serviceaccount:<namespace>:<serviceaccountname> [-n <namespace>]
or
k get pods --as=system:serviceaccount:<namespace>:<serviceaccountname> [-n <namespace>]
How about netpol & securityContext (ex capability SYSTEM_TIME)?
Thanks a lot.
Alistair Mackay:
There is no kubectl command for testing these things.
For netpols, you have to use curl in a pod that matches the network policy to try to connect to the pod that has the policy.
For a security context, you just have to trust it. If the syntax is incorrect, the pod won’t be created.
Can you please ask future questions at https://kodekloud.com/community/c/kubernetes/6 as we’re trying to move off slack due to recent issues.
K8s_Member:
Thanks a lot, sir.
K8s_Member:
Hi sir @Alistair Mackay,
> For netpols, you have to use curl in a pod that matches the network policy to try to connect to the pod that has the policy.
How can I create a new pod with a specific listening port for testing purposes?
For example, Nginx is listening on port 80 by default. How can I change it to a fake port like 1234?
Thanks a lot.
Alistair Mackay:
You don’t create a pod to listen. You create a pod to run curl on to test connecting to the pod where you have attached the policy.
Or you exec onto the pod which is supposed to be prevented from connecting to something and run curl from there.
K8s_Member:
It seems your case is “Ingress”.
How about “Egress”?
Alistair Mackay:
That is the second case
> Or you exec onto the pod which is supposed to be prevented from connecting to something and run curl from there.