Questions tagged [kubernetes-rbac]

64 questions
0 votes, 0 answers

Service Account in K8s have access to other namespaces that are not part of its role

I want to create a service account that can access specific namespaces. So far some rules are working; the issue comes when I export the KUBECONFIG: this service account can do anything in other pods that are in other NS that this account should…
0 votes, 1 answer

Kubernetes using multiple api group in same rule. YAML

I have a kind: Role with the following rule rules: - apiGroups: [""] resources: ["namespaces", "configmaps", "secrets", "pods", "replicationcontrollers", "services", "serviceaccounts"] verbs: ["get", "watch", "list"] This works fine…
adam sranko
0 votes, 1 answer

Creating an AKS cluster with Kubernetes RBAC and AD Integration using a Service Principal. How can it also assign itself cluster admin?

I have a service principal which is an Owner on the subscription that I am using to create an Azure Kubernetes Service cluster as part of a script. I want my cluster to use: Kubernetes RBAC --> enable AKS-managed AAD --> enable Local accounts -->…
0 votes, 0 answers

RBAC Policy Action Rule definition for excluding the URLS from policy

I have the two policies below in my Values.yaml file. By default, in policy one (USER_POLICY) I am allowing all the endpoints, so I have just defined my context root (/v2/trans/brokerage/external) and allowed all HTTP methods. But out of it I just want…
jcrshankar
0 votes, 1 answer

Add RBAC to Azure Kubernetes ( AKS ) after the cluster has already been created

I need to add RBAC to my AKS, but when I go to Azure portal it says that it's a creation operation and that it's not possible to update it afterwards. Do I need to tear down the whole cluster and create a new one with RBAC enabled to make use of…
0 votes, 1 answer

How to allow only one user to be able to access only one pod within an openshift project?

I need to solve an issue about pod access inside a given project. One given user just needs to do oc exec in a specific pod, inside a specific project. The user has the lowest RBAC profile inside the cluster. The admin role was assigned to the user. This…
0 votes, 1 answer

Azure Kubernetes Service: Regular user with RBAC enabled cluster has system:masters role

I have set up an AKS cluster from portal. With Kubernetes RBAC enabled but no integration with AAD. When I am logged in with my user (which is also cluster admin) and perform az aks get-credentials --name --resource-group…
GPuri
0 votes, 0 answers

kubernetes ClusterRole aggregationRule - clusterRoleSelectors by name

I was trying to create a ClusterRole based on the default view ClusterRole, and apply extra rules to the new ClusterRole. The problem is that the default system ClusterRole view does not have a unique label selector. I would like to achieve something…
shady
0 votes, 0 answers

Kubeflow issue: "RBAC access denied" with TALOS

I have installed kubeflow 1.6.1 thanks to kustomize (https://github.com/kubeflow/manifests) on Kubernetes cluster version v1.22.9. This cluster runs on Talos OS v1.1.2. When I connect to kubeflow, I get an error message "RBAC: access denied". I have…
Yann
0 votes, 1 answer

Pod not able to read ConfigMap despite Role and RoleBinding being in place

I would like to permit a Kubernetes pod in namespace my-namespace to access configmap/config in the same namespace. For this purpose I have defined the following role and rolebinding: apiVersion: v1 kind: List items: - kind: Role apiVersion:…
rookie099
0 votes, 0 answers

Why do Lens ReadOnly users need to create services/proxy to view metrics in the UI

Question: Why do users have to be able to have the RBAC permission to create services/proxy in order to view metrics via Lens? Recently I created an aws-auth entry mapping readOnly developers to the default 'view' group which gives all permissions…
Cian
0 votes, 1 answer

Unable to access prometheus endpoint using the ip address after deployment using serviceaccount and rbac

I am using this link to set up Prometheus using servicemonitoring and RBAC rules. After deployment, I am trying to access prometheus endpoint using http://:32001 to display the metrics. I am also trying to add the prometheus…
0 votes, 1 answer

Any docs on what rights need to be given to do a thing on kubernetes?

Here is my first ServiceAccount, ClusterRole, and ClusterRoleBinding --- # Create namespace apiVersion: v1 kind: Namespace metadata: name: devops-tools --- # Create Service Account apiVersion: v1 kind: ServiceAccount metadata: namespace:…
Bino Oetomo
0 votes, 0 answers

How can I restrict the access to the cluster or to the cluster resources ( namespaces, pods ...)?

I have a kubernetes cluster installed using 5 Virtual machines. 1 for the kubernetes master, and the other for the workers. I tried using RBAC method, I created a kubeconfig file to give access to only one namespace, when I test it using (kubectl…
Elpis
0 votes, 2 answers

setting up build pod: Timed out while waiting for ServiceAccount/ to be present in the cluster

I am using helm charts to deploy Gitlab Runner into Kubernetes cluster. I want that the created pods when runner is triggered to have a custom service account instead of the default one. I did create role and cluster role and did the role…
Kingindanord