Now that the user, Role, and RoleBinding are defined, lets switch back to rbac-user, and test.
To switch back to rbac-user, issue the following command that sources the rbac-user env vars, and verifies they’ve taken:
. rbacuser_creds.sh; aws sts get-caller-identity
You should see output reflecting that you are logged in as rbac-user.
As rbac-user, issue the following to get pods in the rbac namespace:
kubectl get pods -n rbac-test
The output should be similar to:
Try running the same command again, but outside of the rbac-test namespace:
kubectl get pods -n kube-system
You should get an error similar to:
Because the role you are bound to does not give you access to any namespace other than rbac-test.