Peeking into Pre-Defined Cluster Roles
In this lesson, we will look into all the pre-defined cluster roles.
Switching from John to Us
John is frustrated. He can access the cluster, but he is not permitted to perform any operation. He cannot even list the Pods. Naturally, he asked us to be more generous and allow him to “play” with our cluster.
Since we are not taking anything for granted, we decided that the first action should be to verify John’s claim. Is it true that he cannot even retrieve the Pods running inside the cluster?
Before we move further, we’ll stop impersonating John and go back to using the cluster with god-like administrative privileges granted to the minikube user.
kubectl config use-context minikube
kubectl get all
Now that we switched to the minikube context (and the minikube user), we regained full permissions, and kubectl get all returned all the objects from the default Namespace.
Let’s verify that John indeed cannot list Pods in the default Namespace.
We could configure the same certificates as those he’s using, but that would complicate the process. Instead, we’ll use a kubectl command that will allow us to check whether we could perform an action if we would be a ...