all
Currently I'm setting the RBAC in the following way:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pods
subjects:
- kind: User
name: system:serviceaccount:default:default
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.ioHowever I want to include the namespace value for User, I just changed above code into this
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pods
subjects:
- kind: User
name: system:serviceaccount:$(namespace):default
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.ioand I create the resource in this way kubectl apply -f k8s -n akka
Forbidden to communicate with Kubernetes API server; check RBAC settings. Response: [{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User \"system:serviceaccount:akka:default\" cannot list resource \"pods\" in API group \"\" in the namespace \"akka\"","reason":"Forbidden","details":{"kind":"pods"},"code":403}Seems NOT WORKING, so my question is is there anyway to insert the namespace value for the field? Thanks in advance...
One way to update environment variables in k8s manifests is to use envsubst.
Follow the below steps
envsubst your-manifest.yaml | kubectl apply -f -