Once VTAdmin has obtained an actor from the incoming request, VTAdmin validates the actor against the RBAC. As such, the flow of handling the permissions of incoming requests looks as such: Authentication interface: https://github.com/vitessio/vitess/blob/da1906d54eaca4447e039d90b96fb07251ae852c/g o/vt/vtadmin/rbac/authentication.go#L37. Vitess links to an example authentication plugin which is available here: https://gist The logic is implemented here: https://github.com/vitessio/vitess/tree/main/go/vt/vtadmin/rbac. VTAdmin checks RBAC rules in the route handlers with a call to IsAuthorized, for example: https://github.c

Install etcd-operator: git clone git@github.com:coreos/etcd-operator.git cd etcd-operator example/rbac/create_role.sh kubectl create -f example/deployment.yaml 4. Install the MySQL client locally. For