Mayur Shivram Kadam:
While practising the labs for ClusterRole bindings, I am able to create the clusterrole and clusterrolebinding and the answer is validated successfully, but when I'm trying to check the permission of the user using --as, I see the user does not have the clusterrole permission given to the user. Why is this so?
Can someone please help/guide me here to understand?
@Mumshad Mannambeth @Vijin Palazhi @Tej_Singh_Rana :
root@controlplane:~# k create clusterrole storage-admin --resource=persistentvolumes,storageclasses --verb=get
clusterrole.rbac.authorization.k8s.io/storage-admin created
root@controlplane:~#
root@controlplane:~#
root@controlplane:~# k create clusterrolebinding michelle-storage-admin --user=michelle --clusterrole=storage-admin
clusterrolebinding.rbac.authorization.k8s.io/michelle-storage-admin created
root@controlplane:~#
root@controlplane:~#
root@controlplane:~# k get pv --as michelle
Error from server (Forbidden): persistentvolumes is forbidden: User "michelle" cannot list resource "persistentvolumes" in API group "" at the cluster scope
root@controlplane:~#
root@controlplane:~#
root@controlplane:~# k describe clusterrole storage-admin
Name: storage-admin
Labels: <none>
Annotations: <none>
PolicyRule:
  Resources                      Non-Resource URLs  Resource Names  Verbs
  ---------                      -----------------  --------------  -----
  persistentvolumes              []                 []              [get]
  storageclasses.storage.k8s.io  []                 []              [get]
root@controlplane:~#