Back to Challenges
IntermediateRBAC & SecurityFix
Grant Access
Your app needs to talk to the Kubernetes API. But by default, pods can't do much - you have to grant permissions explicitly. And when you grant them, scope matters.
20 min
Initial Situation
A monitoring application is deployed but getting Forbidden errors on every API call. The app uses a dedicated ServiceAccount, but it has no permissions at all. It needs to list pods and read ConfigMaps in its namespace. It must NOT have access to Secrets — that would be a security violation.
Your Mission0/4
Loading validation status...
Start this challenge in your local Kubernetes cluster:
$ kubeasy challenge start grant-access