Update current feature

labs/2_authorization/2_RBAC_role.sh

@@ -37,7 +37,7 @@ do
 done
 ink "Set the namespace preference to 'foo'"
 ink "so that all kubectl command are ran in ns 'foo' by default"
-kubectl config set-context $(kubectl config current-context) --namespace=foo
+kubectl config set-context --current --namespace=foo
 
 ink "Create pod using image 'k8sschool/kubectl-proxy', and named 'shell' in ns 'foo'"
 kubectl run shell --image=k8sschool/kubectl-proxy:$KUBECTL_PROXY_VERSION

labs/3_policies/ex2-podsecurity.sh

@@ -209,14 +209,18 @@ spec:
     args:
     - sleep
     - "1000000"
+    # Required for restricted level
     securityContext:
       seccompProfile:
         type: RuntimeDefault
+    ###
       runAsNonRoot: true
       allowPrivilegeEscalation: false
+      # Required for restricted level
       capabilities:
         drop:
           - ALL
+      ###
         add:
           - NET_BIND_SERVICE
 EOF

labs/3_policies/ex4-network.sh

@@ -160,7 +160,7 @@ kubectl exec -n "$NS" webserver -- netcat -q 2 -zv pgsql-postgresql 5432
 set +x
 ink "webserver to external pod"
 set -x
-if kubectl exec -n "$NS" webserver -- netcat -q 2 -nzv $EXTERNAL_IP 80
+if kubectl exec -n "$NS" webserver -- netcat -w 3 -nzv $EXTERNAL_IP 80
 then
     set +x
     ink -r "ERROR this connection should have failed"
@@ -174,7 +174,7 @@ fi
 set +x
 ink "external pod to database"
 set -x
-if kubectl exec -n "$NS" external -- netcat -w 2 -zv pgsql-postgresql 5432
+if kubectl exec -n "$NS" external -- netcat -w 3 -zv pgsql-postgresql 5432
 then
     set +x
     ink -r "ERROR this connection should have failed"
@@ -188,7 +188,7 @@ fi
 set +x
 ink "external pod to outside world"
 set -x
-if kubectl exec -n "$NS" external -- netcat -w 2 -zv www.k8s-school.fr 80
+if kubectl exec -n "$NS" external -- netcat -w 3 -zv www.k8s-school.fr 80
 then
     set +x
     ink -r "ERROR this connection should have failed"