RBAC

Steps

  1. Create 2 namespaces, foo-<ID> and bar-<ID>
Solution
kubectl create namespace foo-<ID>
kubectl create namespace bar-<ID>
  1. Create a kubectl-proxy pod inside foo-<ID>, which uses the service account foo-<ID>:default (the “default” service account of the namespace foo-<ID>)
  2. Create a service inside namespaces foo-<ID> and bar-<ID>
    • Use kubectl create service --help for guidance
  3. Run curl inside the container kubectl-proxy/main against the API server service URL for namespaces foo-<ID> and bar-<ID>
    • Example: http://localhost:8001/api/v1/namespaces/default/services
  4. Inside namespace foo-<ID>, create a role service-reader, and a rolebinding for serviceaccount foo-<ID>:default
  5. Run curl inside the container kubectl-proxy/main against the API server service URL for namespaces foo-<ID> and bar-<ID>

Reference

For more details, check the k8s-school authorization lab.