Update current feature

k8s-school · Oct 16, 2024 · 7c9a0ea · 7c9a0ea
1 parent fde0daa
commit 7c9a0ea
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 6 deletions.
diff --git a/TODO.org b/TODO.org
@@ -1,3 +1,5 @@
+* TODO speak about https://docs.openshift.com/container-platform/4.14/applications/quotas/quotas-setting-across-multiple-projects.html
+* TODO rbac-analysis PR. show solution with rbac-analysis how to find clusterrolebinding, rbac-analysis does not display the namespace for "default" SA (make an issue??)
 * TODO understand the subjec-review command
 {openshift@k8s-toolbox:~}$ oc adm policy scc-subject-review -z system:serviceaccount:scc-openshift:fake-user -f ~/tmp/ubuntu-privileged.yaml
 RESOURCE                ALLOWED BY
@@ -9,9 +11,8 @@ Pod/ubuntu-privileged   fake-user         hostpath-provisioner
 * TODO Improve docker management on fedora:
 https://unix.stackexchange.com/questions/203168/docker-says-no-space-left-on-device-but-system-has-plenty-of-space
 * TODO scc/pod-security synchro: https://docs.openshift.com/container-platform/4.14/authentication/understanding-and-managing-pod-security-admission.html
-* TODO scenario for etcd backup/restore
 * TODO how to get all kubernetes rbac verbs?
-* TODO show solution with rbac-analysis how to find clusterrolebinding, rbac-analysis does not display the namespace for "default" SA (make an issue??)
 * TODO https://docs.openshift.com/container-platform/4.14/applications/quotas/quotas-setting-across-multiple-projects.html
-* TODO https://passt.top/passt/about/
-* TODO devcontainers
+* TODO devcontainers
+* DONE https://passt.top/passt/about/
+* DONE scenario for etcd backup/restore
diff --git a/labs/2_authorization/2_RBAC_role.sh b/labs/2_authorization/2_RBAC_role.sh
@@ -37,7 +37,7 @@ do
 done
 ink "Set the namespace preference to 'foo'"
 ink "so that all kubectl command are ran in ns 'foo' by default"
-kubectl config set-context $(kubectl config current-context) --namespace=foo
+kubectl config set-context --current --namespace=foo
 
 ink "Create pod using image 'k8sschool/kubectl-proxy', and named 'shell' in ns 'foo'"
 kubectl run shell --image=k8sschool/kubectl-proxy:$KUBECTL_PROXY_VERSION

diff --git a/labs/3_policies/ex3-scc.sh b/labs/3_policies/ex3-scc.sh
@@ -51,7 +51,7 @@ alias kubectl-user='kubectl --as=system:serviceaccount:$NS:$SA -n "$NS"'
 
 # See https://kubernetes.io/docs/concepts/policy/pod-security-policy/#run-another-pod
 ink "Reset scc namespace $NS and remove related scc"
-kubectl config set-context $(kubectl config current-context) --namespace=$NS
+kubectl config set-context --current --namespace=$NS
 for policy in anyuid hostpath-provisioner
 do
     for sa in $SA default