Skip to content

Commit a31ce29

Browse files
fjammesfjammes
committed
Update current feature
1 parent eddc908 commit a31ce29

File tree

2 files changed

+19
-25
lines changed

2 files changed

+19
-25
lines changed

labs/2_authorization/2_0_RBAC_simple.sh

Lines changed: 19 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -8,22 +8,28 @@ ID="test" # Change this to a unique identifier if needed
88
FOO_NAMESPACE="foo-${ID}"
99
BAR_NAMESPACE="bar-${ID}"
1010

11-
echo "Creating namespaces..."
11+
PROXY_POD="curl-custom-sa"
12+
13+
ink "Creating namespaces..."
1214
kubectl create namespace "$FOO_NAMESPACE" || true
1315
kubectl create namespace "$BAR_NAMESPACE" || true
1416

15-
echo "Deploying kubectl-proxy pod in $FOO_NAMESPACE..."
16-
kubectl apply -f https://raw.githubusercontent.com/k8s-school/k8s-advanced/master/labs/2_authorization/kubectl-proxy.yaml -n "$FOO_NAMESPACE"
17+
ink "Deploying kubectl-proxy pod in $FOO_NAMESPACE..."
18+
19+
# Download the kubectl-proxy pod definition
20+
curl -s -o kubectl-proxy.yaml https://raw.githubusercontent.com/k8s-school/k8s-advanced/master/labs/2_authorization/kubectl-proxy.yaml
21+
22+
# Replace the service account name in the pod definition
23+
sed -i "s/serviceAccountName: foo/serviceAccountName: default/" kubectl-proxy.yaml
24+
25+
kubectl apply -f kubectl-proxy.yaml -n "$FOO_NAMESPACE"
1726

1827
echo "Creating services in $FOO_NAMESPACE and $BAR_NAMESPACE..."
1928
kubectl create service clusterip foo-service --tcp=80:80 -n "$FOO_NAMESPACE" || true
2029
kubectl create service clusterip bar-service --tcp=80:80 -n "$BAR_NAMESPACE" || true
2130

2231
echo "Waiting for kubectl-proxy pod to be ready..."
23-
kubectl wait --for=condition=ready pod -l app=kubectl-proxy -n "$FOO_NAMESPACE" --timeout=60s
24-
25-
echo "Fetching kubectl-proxy pod name..."
26-
PROXY_POD=$(kubectl get pods -n "$FOO_NAMESPACE" -l app=kubectl-proxy -o jsonpath="{.items[0].metadata.name}")
32+
kubectl wait --for=condition=ready pod -n "$FOO_NAMESPACE" --timeout=60s $PROXY_POD
2733

2834
echo "Creating RBAC (Role and RoleBinding) in $FOO_NAMESPACE..."
2935
kubectl apply -f - <<EOF
@@ -54,12 +60,12 @@ roleRef:
5460
apiGroup: rbac.authorization.k8s.io
5561
EOF
5662

57-
echo "Running tests inside kubectl-proxy pod..."
63+
ink "Running tests inside kubectl-proxy pod..."
5864

59-
echo "Testing access to services in $FOO_NAMESPACE (should succeed)..."
65+
ink "Testing access to services in $FOO_NAMESPACE (should succeed)..."
6066
kubectl exec -n "$FOO_NAMESPACE" "$PROXY_POD" -- curl -s -o /dev/null -w "%{http_code}" http://localhost:8001/api/v1/namespaces/"$FOO_NAMESPACE"/services
61-
62-
echo "Testing access to services in $BAR_NAMESPACE (should be forbidden)..."
67+
echo
68+
ink "Testing access to services in $BAR_NAMESPACE (should be forbidden)..."
6369
kubectl exec -n "$FOO_NAMESPACE" "$PROXY_POD" -- curl -s -o /dev/null -w "%{http_code}" http://localhost:8001/api/v1/namespaces/"$BAR_NAMESPACE"/services
64-
65-
echo "Test completed!"
70+
echo
71+
ink "Test completed!"

labs/2_authorization/kubectl-proxy.yaml

Lines changed: 0 additions & 12 deletions
This file was deleted.

0 commit comments

Comments
 (0)