Creating a ClusterRole to Access a PV in Kubernetes

1 hour
  • 4 Learning Objectives

About this Hands-on Lab

In this hands-on lab, you will be tasked with accessing a persistent volume from a pod in order to view the available volumes inside the Kubernetes cluster. By default, pods cannot access volumes directly, so you will also need to create a cluster role to provide authorization to the pod. Additionally, you cannot access the API server directly without authentication, so you will need to run kubectl in proxy mode to retrieve information about the volumes.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

View the Persistent Volume
  1. Use one command that will list the persistent volumes within the cluster.
Create a ClusterRole and ClusterRoleBinding
  1. Use one command that will create a new ClusterRole granting the verbs get and list on the resource persistentvolumes.
  2. Use one command that will create a new ClusterRoleBinding that binds the ClusterRole to the default service account in the web namespace.
Create a pod to access the PV
  1. Create a YAML file that defines a pod with two containers, using the two images tutum/curl and linuxacademycontent/kubectl-proxy.
  2. Issue a command to the curl container to sleep for 1 hour (3600 seconds).
  3. Apply the YAML to the Kubernetes cluster to run the pod.
Request access to the PV from the pod
  1. Open a shell inside the container.
  2. From the container shell prompt, issue the curl command to request persistent volumes from the API server.

Additional Resources

Access the Kubernetes cluster within this lab environment. Within the cluster, a Persistent Volume (PV) has already been provisioned. You will need to make sure you can access the PV directly from a pod within your cluster. Create a pod with two containers in order to do so.

The first container, using the image tutum/curl, will allow you to use curl to directly access the Kubernetes REST API.

The second container, using the image linuxacademycontent/kubectl-proxy, will allow you to create a proxy between the container and the Kubernetes API Server. Ensure this pod is created in the same namespace as the PV.

By default, pods cannot access PVs directly, so you will need to create a ClusterRole and test the access after it's been created. Every ClusterRole requires a ClusterRoleBinding to bind the role to a user, service account, or group. After you have created the ClusterRole and ClusterRoleBinding, try to access the PV directly from a pod.
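
The four objectives above as one script. This is an added example, not part of the lab's own materials. The names pv-reader, pv-test and curlpod, the container names main and proxy, and the proxy listening on kubectl proxy's default port 8001 are assumptions; the two `kubectl auth can-i` checks are an addition that confirms the service account received read-only access and nothing more.

```shell
#!/bin/sh
# Added example. pv-reader, pv-test, curlpod and the container names are assumed.
# Dry-run by default: prints each step. Set DRY_RUN=0 to run against the lab cluster.
set -eu
NS=web; SA=default                 # namespace and service account named in the lab
SUBJECT="system:serviceaccount:${NS}:${SA}"

# Print the command in dry-run mode, execute it otherwise.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Two-container pod: curl sleeps for 3600 s, the sidecar proxies to the API server.
pod_manifest() {
cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: curlpod
  namespace: ${NS}
spec:
  containers:
  - name: main
    image: tutum/curl
    command: ["sleep", "3600"]
  - name: proxy
    image: linuxacademycontent/kubectl-proxy
EOF
}

lab_steps() {
  run kubectl get pv
  # Read-only access to persistent volumes, nothing else.
  run kubectl create clusterrole pv-reader --verb=get,list --resource=persistentvolumes
  run kubectl create clusterrolebinding pv-test --clusterrole=pv-reader --serviceaccount="${NS}:${SA}"
  # Confirm the grant is as narrow as intended: expect "yes", then "no".
  run kubectl auth can-i list persistentvolumes --as="$SUBJECT"
  run kubectl auth can-i delete persistentvolumes --as="$SUBJECT" || true
  if [ "${DRY_RUN:-1}" = 1 ]; then pod_manifest; else pod_manifest | kubectl apply -f -; fi
  run kubectl wait --for=condition=Ready pod/curlpod -n "$NS" --timeout=120s
  # Assumes the proxy sidecar listens on kubectl proxy's default port 8001.
  run kubectl exec curlpod -n "$NS" -c main -- curl -s localhost:8001/api/v1/persistentvolumes
}

lab_steps
```

The last step runs curl through `kubectl exec` in one command; opening a shell in the container first and typing the same curl command gives the same result.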
