@alexeldeib
Created January 20, 2021 02:30
RBAC case-sensitivity demonstration
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: config-map
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: config-map
rules:
- apiGroups:
  - ""
  resources:
  # Capitalized deliberately: RBAC compares resource names case-sensitively,
  # so this entry does not match the lowercase `configmaps` resource.
  - ConfigMaps
  verbs:
  - get
  - list
  - watch
  - create
  - delete
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: config-map
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: config-map
subjects:
- kind: ServiceAccount
  name: config-map
  namespace: default
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-map-command
data:
  entrypoint.sh: |
    #!/usr/bin/env bash
    set -o nounset
    set -o errexit
    set -o pipefail
    apt update && apt install -y curl
    curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
    chmod +x kubectl
    # The request under test, made with the pod's service account token.
    # `|| true` keeps the pod alive whether the request is allowed or denied.
    ./kubectl get configmaps -A || true
    sleep infinity
---
apiVersion: v1
kind: Pod
metadata:
  name: rbac-test
spec:
  serviceAccountName: config-map
  containers:
  - name: ubuntu
    image: ubuntu:18.04
    command: ["bash", "/config/entrypoint.sh"]
    volumeMounts:
    - name: entrypoint
      mountPath: /config
  volumes:
  - name: entrypoint
    configMap:
      name: config-map-command
---
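
An added example, not part of the original gist: a small Python check that models RBAC's exact, case-sensitive resource matching and flags rule entries such as `ConfigMaps` before they are applied. The matcher is a simplified stand-in for the API server's authorizer, the function names and the sample dict are constructed for illustration, and the lint assumes API resource names are all lowercase.

```python
import copy

# Constructed sample: the ClusterRole from the manifest above, as parsed data.
CLUSTER_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "config-map"},
    "rules": [{
        "apiGroups": [""],
        "resources": ["ConfigMaps"],
        "verbs": ["get", "list", "watch", "create", "delete", "update"],
    }],
}

def rule_allows(rule, verb, api_group, resource):
    """Simplified RBAC rule match: exact string comparison, '*' as wildcard.
    resourceNames, subresources and nonResourceURLs are not modelled."""
    def matches(allowed, value):
        return any(a == "*" or a == value for a in allowed)
    return (matches(rule.get("verbs", []), verb)
            and matches(rule.get("apiGroups", []), api_group)
            and matches(rule.get("resources", []), resource))

def role_allows(role, verb, api_group, resource):
    """True if any rule in the role grants the request."""
    return any(rule_allows(r, verb, api_group, resource)
               for r in role.get("rules", []))

def lint_resource_case(role):
    """Return (role, rule index, entry, suggested) for non-lowercase resources.
    Assumption: API resource names are lowercase, so such an entry never matches."""
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        for res in rule.get("resources", []):
            if res != res.lower():
                findings.append((role["metadata"]["name"], i, res, res.lower()))
    return findings

def with_lowercase_resources(role):
    """Return a copy of the role with every resource entry lowercased."""
    fixed = copy.deepcopy(role)
    for rule in fixed.get("rules", []):
        rule["resources"] = [r.lower() for r in rule.get("resources", [])]
    return fixed

if __name__ == "__main__":
    print("get configmaps allowed:", role_allows(CLUSTER_ROLE, "get", "", "configmaps"))
    for name, idx, res, suggestion in lint_resource_case(CLUSTER_ROLE):
        print(f"{name} rule[{idx}]: {res!r} never matches; use {suggestion!r}")
```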