I have create role and rolebinding as below
student-node ~ ➜ kubectl get rolebindings.rbac.authorization.k8s.io blue-role-binding-cka21-arch -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: “2024-09-26T05:00:46Z”
name: blue-role-binding-cka21-arch
namespace: default
resourceVersion: “2735”
uid: 2909297b-acd1-40c1-a7ab-7530ed2e34e5
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: blue-role-cka21-arch
subjects:
- kind: ServiceAccount
name: default
namespace: blue-sa-cka21-arch
student-node ~ ➜ kubectl get role blue-role-cka21-arch -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: “2024-09-26T05:00:12Z”
name: blue-role-cka21-arch
namespace: default
resourceVersion: “2685”
uid: 60cce985-5ac7-437f-aa86-109de56d12cd
rules:
- apiGroups:
- “”
resources: - pods
verbs: - get
- “”
but while checking SA is not able to get pod status
student-node ~ ➜ kubectl auth can-i get pods --as=system:serviceaccount:default:blue-sa-cka21-arch --namespace default
no
While in answer its showing it same what i have configure
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: default
name: blue-role-cka21-arch
rules:
- apiGroups: [“”]
resources: [“pods”]
verbs: [“get”]
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: blue-role-binding-cka21-arch
namespace: default
subjects:
- kind: ServiceAccount
name: blue-sa-cka21-arch
namespace: default
roleRef:
kind: Role
name: blue-role-cka21-arch
apiGroup: rbac.authorization.k8s.io
Can any one let me know what wrong i have done