Create a service account and save the token
Install the log socket service
helm install log-socket Logging-with-RBAC/log-socketkubectl create sa alice
export ALICE_TOKEN=$(kubectl get secret $(kubectl get sa alice -o=jsonpath='{.secrets[0].name}') -o=jsonpath='{.data.token}' | base64 -D)kubectl create sa bob
export BOB_TOKEN=$(kubectl get secret $(kubectl get sa bob -o=jsonpath='{.secrets[0].name}') -o=jsonpath='{.data.token}' | base64 -D)Add policy label to the Pod
helm upgrade foo LetsHelpBob/log-generator --set extraLabels.rbac/default_alice=allowhelm install bar LetsHelpBob/log-generator --set extraLabels.rbac/default_bob=allow --set extraLabels.rbac/default_alice=allowTail the flow
./k8stail flow default/geoip-flow --token $ALICE_TOKEN 2>/dev/null | jq -r 'if .kubernetes != null then "[ALICE]: \(.kubernetes.pod_name)" else "[ALICE]: \(.error)" end'./k8stail flow default/geoip-flow --token $BOB_TOKEN 2>/dev/null | jq -r 'if .kubernetes != null then "[BOB]: \(.kubernetes.pod_name)" else "[BOB]: \(.error)" end'kubectl get logging-all
kubectl get output geoip-flow-tailer -o yaml|yq
kubectl get flow geoip-flow -o yaml|yq
Get all object that I can grab log from
kubectl get po -l rbac/default_alice=allow -A helm upgrade bar LetsHelpBob/log-generator --set extraLabels.rbac/default_bob=allow --set extraLabels.rbac/default_alice=deny