K auth can-i command

v_2prasc · April 18, 2024, 3:35pm

During the lab has anyone had trouble with K auth can-i command on the service account? I finally found a suggestion on the stackoverflow to try with system prefix e.g.
kubectl auth can-i create servicemonitor --as=system:serviceaccount:staging:tiller -n staging

Which seemed to work but I am not sure if it is the correct method, as help does not show and lab video does not have that method. I was able to get yes upon checking with system prefix but I still got crash state on pod during deployment

rob_kodekloud · April 18, 2024, 5:01pm

That is indeed the correct syntax – system:serviceaccount:NS:SA_NAME is used for --as. The pod crashing is probably for a different reason, although I’d need to see your pod YAML to know why it’s crashing.

v_2prasc · April 18, 2024, 6:19pm

I only added serviceAccountName:xxxx. Unless I should include securityContext before serviceAccountName. It is added at same indentation of Container