Welcome to the Linux Foundation Forum!

Lab exercise 16.2 cannot be completed due to a potentially missing step

nitibhatt
nitibhatt Posts: 3
edited February 2018 in LFS258 Class Forum

 While doing lab exercise 16.2 (Authentication and authorization),  the below step even after creating a Role and Role binding

kubectl --context=DevDan-context get pods

Error from server (Forbidden): pods is forbidden: User "DevDan"

cannot list pods in the namespace "development"

Any clues?

 

Thanks,

Niti

Comments

  • serewicz
    serewicz Posts: 1,000

    Hello,

    If you are on step 9, as the directions note, you shoud expect an error.  If you have continued on to step 12 and 14 and continue to receive the same error then check that there are no typos in the role-dev.yaml or rolebind.yaml file. After creating each object you should be able to run a get and describe against each and see the expected details, then I would verify that step 5 and 6 ran without error. 

    I have just run each step from 1 to 15 and they behaved as the book suggests.   I am unsure of the issue, but would guess it has to do with YAML.

    Regards,

  • sameerp16
    sameerp16 Posts: 4

    Exercise: 15.2 Lab 15.2. Authentication and Authorization
    OPTIONAL CHALLENGE STEP:Become theDevDanuser. Solve any missing configuration errors. Try to createa deployment in thedevelopmentand theproductionnamespaces. Do the errors look the same? Configure asnecessary to only have two contexts available to DevDan

    [email protected]:/$ kubectl config get-contexts
    CURRENT NAME CLUSTER AUTHINFO NAMESPACE

    **There is no contexts for user DevDan - What am missing here ? **

    [email protected]:/$ kubectl config view
    apiVersion: v1
    clusters: null
    contexts: null
    current-context: ""
    kind: Config
    preferences: {}
    users: null

  • serewicz
    serewicz Posts: 1,000

    Hello,

    A user's context is not the same as RBAC ability to complete a task. A context is a combination of a user, namespace, and cluster - which RBAC may apply, but does not set the RBAC for that combination. The RBAC settings would be something the cluster admin does, whereas the context is something the user leverages to make it easy to connect and run commands across one or more clusters.

    Regards,

  • sameerp16
    sameerp16 Posts: 4

    So is this the expected output? or what command will work here to view the context for user=DevDan?

Categories

Upcoming Training