Solution

.infrastructure/app/deployment.yml

@@ -17,7 +17,7 @@ spec:
       labels:
         app: todoapp
     spec:
-      serviceAccountName: secrets-reader
+      serviceAccountName: secrets-lister
       containers:
       - name: todoapp
         image: ikulyk404/todoapp:4.0.1
@@ -91,4 +91,4 @@ spec:
           secretName: app-secret
       - name: app-config-volume
         configMap:
-          name: app-config
+          name: app-config

.infrastructure/security/rbac.yml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: secrets-lister
+  namespace: todoapp
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: secrets-lister
+  namespace: todoapp
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["list"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: secrets-lister-binding
+  namespace: todoapp
+subjects:
+  - kind: ServiceAccount
+    name: secrets-lister
+roleRef:
+  kind: Role
+  name: secrets-lister
+  apiGroup: rbac.authorization.k8s.io

README.md

@@ -1,45 +1,28 @@
-# Django ToDo list
+## To validate changes
+Spin up a cluster from a `cluster.yml`
 
-This is a todo list web application with basic features of most web apps, i.e., accounts/login, API, and interactive UI. To do this task, you will need:
+    kind create cluster --config cluster.yml
 
-- CSS | [Skeleton](http://getskeleton.com/)
-- JS  | [jQuery](https://jquery.com/)
+aplly all manifests
 
-## Explore
+    sh bootstrap.sh
 
-Try it out by installing the requirements (the following commands work only with Python 3.8 and higher, due to Django 4):
+apply rbac.yml and deployment.yml
 
-```
-pip install -r requirements.txt
-```
+    kubectl.exe apply -f .infrastructure/security/rbac.yml
+    kubectl.exe apply -f .infrastructure/app/deployment.yml
 
-Create a database schema:
+open created pods
 
-```
-python manage.py migrate
-```
+    kubectl exec <pods name> -it -n todoapp -- sh
 
-And then start the server (default is http://localhost:8000):
+apply next command
 
-```
-python manage.py runserver
-```
+    APISERVER=https://kubernetes.default.svc
+    SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
+    TOKEN=$(cat ${SERVICEACCOUNT}/token)
+    CACERT=${SERVICEACCOUNT}/ca.crt
 
-Now you can browse the [API](http://localhost:8000/api/) or start on the [landing page](http://localhost:8000/).
+and check our secrets
 
-## Task
-
-1. Fork this repository.
-1. Use `kind` to spin up a cluster from a `cluster.yml` configuration file.
-1. Create a manifest  named `rbac` inside a `security` directory
-1. `rbac` manifest requirements:
-    1. File should containa `ServiceAccount` definition
-    1. File should contain a `Role` definition
-    1. Role should allow to list secrets
-    1. File should contain a `RoleBinding` definition
-    1. RoleBinding should bind the `Role` to the `ServiceAccount`
-1. Use newly created `ServiceAccount` should be used by the `Deployment` in the `deployment` manifest
-1. Execute a curl command to list secrets from the `Deployment` pod to list secrets
-1. Make a screenshot of the output and attach it to the PR
-1. `README.md` should have instructuions on how to validate the changes
-1. Create PR with your changes and attach it for validation on a platform.
+    curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/todoapp/secrets