Questions tagged [k8s-serviceaccount]

77 questions
0 votes, 0 answers

kubectl get AzureAssignedIdentities -A -o yaml is empty

I am trying to deploy an api version with the following templates: "apiVersion": "apiextensions.k8s.io/v1", "kind": "CustomResourceDefinition", "metadata": { "name": "azureassignedidentities.aadpodidentity.k8s.io" }, "spec":{ "conversion": { …
0 votes, 0 answers

No matches for kind "HelmChart" in version "helm.cattle.io/v1"

I am trying to create jenkins from helmChart, I used this way a year ago and it worked but now it is not working and I got this error when I tried to apply the yaml file kubectl apply -f helm.yaml -n jenkins: no matches for kind "HelmChart" in…
Sara
0 votes, 1 answer

Access kubernetes cluster that has oidc configured via an application inside the cluster

I want my in-cluster deployment of an app to access the kubernetes cluster that has oidc configured, how do I do that? I know one way is via service accounts but do we have something where we can use the oidc flow and the token received to make…
0 votes, 1 answer

How to write a psp in k8s only for a specific user?

minikube start --extra-config=apiserver.enable-admission-plugins=PodSecurityPolicy --addons=pod-security-policy we have a default namespace in which the nginx service account does not have the rights to launch the nginx container when creating a…
Iceforest
0 votes, 1 answer

Modify ClusterRole for Kubernetes

I want to use the ClusterRole edit for some users of my Kubernetes cluster (https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles). However, it is unfortunate that the user can be accessing and modifying Resource Quotas and…
0 votes, 1 answer

Using k8s internal dns for k8s apps result in http 502 errors on scaling

I have a k8s application "alpha" running under the k8s service dns exposed as alpha-service.namespace, which is used by another application - "beta". Application "beta" connects to application "alpha" via the service dns "alpha-service.namespace".…
Valerian Pereira
0 votes, 1 answer

Programmatically create users in Kubernetes

I am looking for a way to create/retrieve/update/delete a user in Kubernetes, such that I can allow him certain stuff via RoleBindings. Everything I have found is more or less manual work on the master node. However, I imagine a service deployed in…
tobias
0 votes, 2 answers

Role definition for Kubernetes user to work on single namespace

I am currently facing the current situation. I want to give users access to individual namespaces, such that they can create and deploy resources with Helm charts (for instance, from Bitnami). On the other hand the users are not supposed…
0 votes, 2 answers

Communication between Pods inside k8s cluster

** disclaimer: I am very shallow in infra topic, but hope my explanation of the case is understandable. Sorry for a possible inaccuracy in terminology. I have an application working in k8s which is represented by a pod (Pod#1) with a single…
0 votes, 0 answers

Kubernetes RBAC ClusterRole

I'm trying to deploy some deployments out of my gitlab runner. I do not see the error in my clusterrole and in the rolebinding. Here is the error I get: from server for: "./deployment.yaml": deployments.apps "demo-deployment" is forbidden: User…
0 votes, 0 answers

Why does helm3 install trigger pre-delete and not in Helm2

I have a project that needs to use mutating Webhook, based on namespaceselector, which needs to add specific label to namespace first. I used three hooks, hook1(pre-install, pre-delete,etc) to create RBAC for hook2(pre-install) to add a label to…
0 votes, 1 answer

AWS IAM Role - AccessDenied error in one pod

I have a service account which I am trying to use across multiple pods installed in the same namespace. One of the pods is created by Airflow KubernetesPodOperator. The other is created via Helm through Kubernetes deployment. In the Airflow…
0 votes, 1 answer

Serviceaccount name does not "stick" to Argo Workflow when memoizing

I am trying to run a workflow (https://github.com/argoproj/argo-workflows/blob/master/examples/memoize-simple.yaml) with limited permissions in Argo. I am specifying a serviceaccount with the requisite permissions in the execution command and in the…
user3877654
0 votes, 1 answer

Why kubernetes default service account has full access to the API on docker desktop?

As far as I know the default service account in Kubernetes should not have any permissions assigned. But still I can perform the following from the pod on my docker desktop…
Marcin
0 votes, 0 answers

Forbidden error while describe/scale deployment by user system:node:ip.xx

I'm trying to execute K8S kubectl cmds from inside the container (name: autodeploy). I have configured ClusterRole, ServiceAccount and ClusterRoleBinding. But getting Forbidden error while performing Describe and Scale actions on K8S…