Questions tagged [kubernetes-rbac]
64 questions
0 votes, 0 answers
Service Account in K8s has access to other namespaces that are not part of its role
I want to create a service account that can access specific namespaces. So far some rules are working; the issue comes when I export the KUBECONFIG: this service account can do anything in other pods that are in other NS that this account should…
0 votes, 1 answer
Kubernetes using multiple api group in same rule. YAML
I have a kind: Role with the following rule
rules:
- apiGroups: [""]
  resources: ["namespaces", "configmaps", "secrets", "pods", "replicationcontrollers", "services", "serviceaccounts"]
  verbs: ["get", "watch", "list"]
This works fine…

adam sranko
0 votes, 1 answer
Creating an AKS cluster with Kubernetes RBAC and AD Integration using a Service Principal. How can it also assign itself cluster admin?
I have a service principal which is an Owner on the subscription that I am using to create an Azure Kubernetes Service cluster as part of a script. I want my cluster to use:
Kubernetes RBAC --> enable
AKS-managed AAD --> enable
Local accounts -->…

floaty39
0 votes, 0 answers
RBAC Policy Action Rule definition for excluding the URLS from policy
I have the below two policies in my Values.yaml file. By default in policy one (USER_POLICY) I am allowing all the endpoints, so I have just defined my context root (/v2/trans/brokerage/external) and allowed all HTTP methods. But out of it I just want…

jcrshankar
0 votes, 1 answer
Add RBAC to Azure Kubernetes ( AKS ) after the cluster has already been created
I need to add RBAC to my AKS, but when I go to Azure portal it says that it's a creation operation and that it's not possible to update it afterwards.
Do I need to tear down the whole cluster and create a new one with RBAC enabled to make use of…

Domenico
0 votes, 1 answer
How to allow only one user to be able to access only one pod within an openshift project?
I need to solve an issue about pod access inside a given project.
One given user just needs to do oc exec in a specific pod, inside a specific project.
The user has the lowest RBAC profile inside the cluster.
The admin role was assigned to the user. This…

Mad Rudder Man
0 votes, 1 answer
Azure Kubernetes Service: Regular user with RBAC enabled cluster has system:masters role
I have set up an AKS cluster from the portal, with Kubernetes RBAC enabled but no integration with AAD.
When I am logged in with my user (which is also cluster admin) and perform az aks get-credentials --name --resource-group…

GPuri
0 votes, 0 answers
kubernetes ClusterRole aggregationRule - clusterRoleSelectors by name
I was trying to create a ClusterRole based on the default view ClusterRole, and apply extra rules to the new ClusterRole. The problem is that the default system clusterRole view does not have a unique label selector.
I would like to achieve something…

shady
0 votes, 0 answers
Kubeflow issue: "RBAC access denied" with TALOS
I have installed kubeflow 1.6.1 thanks to kustomize (https://github.com/kubeflow/manifests) on Kubernetes cluster version v1.22.9
This cluster runs on Talos OS v1.1.2
When I connect to kubeflow, I get an error message "RBAC: access denied"
I have…

Yann
0 votes, 1 answer
Pod not able to read ConfigMap despite Role and RoleBinding being in place
I would like to permit a Kubernetes pod in namespace my-namespace to access configmap/config in the same namespace. For this purpose I have defined the following role and rolebinding:
apiVersion: v1
kind: List
items:
- kind: Role
  apiVersion:…

rookie099
0 votes, 0 answers
Why do Lens ReadOnly users need to create services/proxy to view metrics in the UI
Question:
Why do users have to be able to have the RBAC permission to create services/proxy in order to view metrics via Lens?
Recently I created an aws-auth entry mapping readOnly developers to the default 'view' group which gives all permissions…

Cian
0 votes, 1 answer
Unable to access prometheus endpoint using the ip address after deployment using serviceaccount and rbac
I am using this link to set up Prometheus using servicemonitoring and RBAC rules.
After deployment, I am trying to access prometheus endpoint using http://:32001 to display the metrics.
I am also trying to add the prometheus…
0 votes, 1 answer
Any docs on what rights need to be given to do a thing on kubernetes?
Here is my first ServiceAccount, ClusterRole, and ClusterRoleBinding
---
# Create namespace
apiVersion: v1
kind: Namespace
metadata:
  name: devops-tools
---
# Create Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace:…

Bino Oetomo
0 votes, 0 answers
How can I restrict the access to the cluster or to the cluster resources ( namespaces, pods ...)?
I have a Kubernetes cluster installed using 5 virtual machines: 1 for the Kubernetes master, and the others for the workers.
I tried using the RBAC method: I created a kubeconfig file to give access to only one namespace. When I test it using (kubectl…

Elpis
0 votes, 2 answers
setting up build pod: Timed out while waiting for ServiceAccount/ to be present in the cluster
I am using Helm charts to deploy GitLab Runner into a Kubernetes cluster. I want the pods created when the runner is triggered to have a custom service account instead of the default one. I did create role and cluster role and did the role…

Kingindanord