3

I have deployed kubernetes v1.8 in my workplace. I have created roles for admin and view access to namespaces 3months ago. In the initial phase RBAC is working as per the access given to the users. Now RBAC is not happening every who has access to the cluster is having clusteradmin access.

Can you suggest the errors/changes that had to be done?

vamsi krishna
  • 33
  • 4

1 Answers1

1

Ensure the RBAC authorization mode is still being used (--authorization-mode=…,RBAC is part of the apiserver arguments)

If it is, then check for a clusterrolebinding that is granting the cluster-admin role to all authenticated users:

kubectl get clusterrolebindings -o yaml | grep -C 20 system:authenticated

Jordan Liggitt
  • 16,933
  • 2
  • 56
  • 44
  • HI Jordan Light Thanks for helping me "--authorization-mode=…,RBAC" this is already enabled as a APISERVER arguments. Please elaborate this "kubectl get clusterrolebindings -o yaml | grep -C 20 system:authenticated". So that I can troubleshoot – vamsi krishna Jul 12 '18 at 13:00
  • Using ClusterRoleBindings and roles intended to be granted within particular namespaces using RoleBindings (admin, edit, view) and "system:authenticated" shows authenticated user(s). Please take look at this [link](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) for more information about RBAC authorization. – Milad Tabrizi Jul 19 '18 at 21:38