RBAC issues while trying the mock exam exercises

Hello, I seem to have issues with RBAC: the can-i command never returns yes.
I am doing some of the mock exams and I always have failures on RBAC.

For example, in the exercise below I deleted the ClusterRoleBinding (that linked the SA to the ClusterRole) and created a separate Role + RoleBinding that only allows getting the nodes in the default namespace.

But even though the config is there, the SA does not seem to be able to get the nodes.

Another one is this:

  1. I created the SA with the same name in all the existing namespaces (did not know how to give access to all the namespaces to a SA that exists only in 1 namespace)
  2. I modified the ClusterRole to allow only get namespaces and nothing else. The ClusterRoleBinding already existed, so no need for changes there.
    But still I get a no from the k auth can-i command.

Does anyone see what I do wrong and can let me know? Thanks a lot in advance!

Hi @Mundofik

I think your impersonation flag in can-i needs a namespace as well.

Try with k auth can-i get pods --as system:serviceaccount:default:blue-sa...
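
Why the namespace matters in the impersonated name, as an added example that is not part of the original thread and not Kubernetes code: a simplified model of RBAC subject matching, where a ServiceAccount subject matches only the username `system:serviceaccount:<namespace>:<name>`, and a RoleBinding never grants cluster-scoped resources such as nodes. The bindings are constructed samples with rules inlined instead of a roleRef; `blue-sa` and `default` are taken from the reply above.

```python
# Simplified model of Kubernetes RBAC subject matching (illustrative only).
CLUSTER_SCOPED = {"nodes", "namespaces"}  # these resources live outside any namespace

def sa_username(namespace, name):
    """Username the API server uses for a ServiceAccount."""
    return f"system:serviceaccount:{namespace}:{name}"

def subject_matches(subject, user):
    """A ServiceAccount subject matches only the namespaced username form."""
    if subject["kind"] == "ServiceAccount":
        return user == sa_username(subject["namespace"], subject["name"])
    return subject["kind"] == "User" and user == subject["name"]

def can_i(user, verb, resource, namespace, bindings):
    """Model of `kubectl auth can-i VERB RESOURCE -n NAMESPACE --as USER`."""
    for b in bindings:
        if not any(subject_matches(s, user) for s in b["subjects"]):
            continue
        if b["kind"] == "RoleBinding" and (
            resource in CLUSTER_SCOPED or namespace != b["namespace"]
        ):
            continue  # a RoleBinding grants only namespaced resources in its own namespace
        if any(verb in r["verbs"] and resource in r["resources"] for r in b["rules"]):
            return True
    return False

# Constructed sample bindings; rules are inlined here instead of using a roleRef.
BLUE_SA = {"kind": "ServiceAccount", "namespace": "default", "name": "blue-sa"}
BINDINGS = [
    {"kind": "ClusterRoleBinding", "subjects": [BLUE_SA],
     "rules": [{"verbs": ["get"], "resources": ["namespaces"]}]},
    {"kind": "RoleBinding", "namespace": "default", "subjects": [BLUE_SA],
     "rules": [{"verbs": ["get"], "resources": ["pods", "nodes"]}]},
]

if __name__ == "__main__":
    full = sa_username("default", "blue-sa")
    for user in ("blue-sa", full):
        for res in ("namespaces", "pods", "nodes"):
            answer = "yes" if can_i(user, "get", res, "default", BINDINGS) else "no"
            print(f"--as {user}: get {res} -> {answer}")
```

With the bare name every check comes back "no" because the impersonated user matches no binding subject; with the full name, namespaces and pods are allowed while nodes stays "no" under the RoleBinding.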