CKA Quick Check Points -- RBAC

This is a quick recap for RBAC, more details can check the official doc or click the tiltle links.

ServiceAccount (sa)

1. Yaml File

2. CMD

kubectl create serviceaccount NAME -n NAMESPACE

Role/Clusterrole

1. Yaml File

2. CMD

kubectl create [role|clusterrole] NAME --verb=verb --resource=resource.group/subresource [--resource-name=resourcename]

Rolebinding/Clusterrolebinding

1. Yaml File

2. CMD

kubectl create rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] [--group=groupname]
[--serviceaccount=namespace:serviceaccountname]
kubectl create clusterrolebinding NAME --clusterrole=NAME [--user=username] [--group=groupname]
[--serviceaccount=namespace:serviceaccountname]

Usage & Quick Verify

1. Usage

Pod yaml file add spec.serviceAccountName

2. Quick Verify

kubectl auth can-i VERB RESOURCE --as=[USER|SA] -n NAMESPACE

more verifications can check details.