Exploring Predefined ClusterRoles
Explore all the pre-defined ClusterRoles.
Switching from John to ourselves
John is frustrated. They can access the cluster, but they are not permitted to perform any operation. They cannot even list the Pods. Naturally, they asked us to be more generous and allow them to work with our cluster.
Since we are not taking anything for granted, we decided that the first action should be to verify John’s claim. Is it true that they cannot even retrieve the Pods running inside the cluster?
Before we move on, we’ll stop impersonating John and go back to using the cluster with full administrative privileges granted to the admin user.
kubectl config use-context k3d-mycluster
kubectl get all
Now that we’ve switched to the k3d-mycluster context, we regain full permissions, and kubectl get all returns all the objects from the default namespace.
Let’s verify if John indeed cannot list Pods in the default namespace.
We could configure the same certificates as they’re using, but that would complicate the process. Instead, we’ll use a kubectl command that will allow us to check whether we could perform an action if ...