Questions tagged [kubernetes-rbac]

64 questions
0 votes, 1 answer

what is config-mode in kubeconfig file?

I see there is a field "config-mode" in Kubernetes configuration file (kubeconfig). users: - name: myuser user: auth-provider: config: access-token: xxxxx apiserver-id: xxxxx client-id: xxxxx config-mode:…
RMNull
0 votes, 0 answers

filebeat Failed to list *v1.Pod: Unauthorized - permission issue

I am trying to deploy a filebeat daemonset on my AKS cluster. I want it to run on every node and collect all the logs generated by the pods. To do so I have 5 steps: 1. create user 2. create role with appropriate permissions 3. bind them 4. create config…
0 votes, 2 answers

how to specify kubernetes RBAC permissions for scaling a specific deployment

I'm trying to give a group of users permission to scale a specific set of deployments in Kubernetes 1.20. I've tried using the API reference doc here:…
0 votes, 1 answer

Allowing patching of Kubernetes resource metadata through a role

Is it somehow possible to separately allow patching of resources' metadata through a role in a Kubernetes cluster? I would like to solely allow patching of a namespace's metadata without giving write permissions to the whole namespace object. The…
roehrijn
0 votes, 1 answer

Reset/remove kubeconfig file user from Kubernetes

Whenever you start a Kubernetes cluster at one of the big clouds (EKS at AWS, GKE at GCP, AKS at Azure, or Kubernetes at Digitalocean), you can generate a kubeconfig file from them, which grants you full access. It is now very nice to work with…
0 votes, 0 answers

Service Account for creating/removing namespaces and add/remove ClusterRole Bindings

Can I create a service account for such specific things and no more? I'm interested because I don't know how cluster roles will behave in this context. One (first) service account has the right to create/remove namespaces. Create/remove ClusterRole…
JDev
0 votes, 3 answers

system:node fails to get secrets from apiserver via curl

I'm doing some POC for security research, trying to access namespace secrets directly from a worker node. I have a cluster on GKE running Kubernetes 1.20. I'm running the following command from a worker (non-master) node: curl -v…
Mugen
0 votes, 1 answer

Kubernetes service account with upgrade/patch permission to annotation of deployment

I want to create a Kubernetes service account and roles/RBAC which will grant permission to patch/update annotations of a deployment. The service account should not be able to perform any other update on the Kubernetes deployment. It should have upgrade and patch…
0 votes, 0 answers

Why does helm3 install trigger pre-delete and not in Helm2

I have a project that needs to use a mutating webhook, based on namespaceselector, which needs to add a specific label to the namespace first. I used three hooks, hook1 (pre-install, pre-delete, etc.) to create RBAC for hook2 (pre-install) to add a label to…
0 votes, 1 answer

How am I able to access the EKS cluster, though my User/Role ARN is not part of the aws-auth CM?

New to EKS, learning. I understand that access can be provided to IAM users/roles by adding them to the aws-auth config map, but when the cluster was created the first time, aws-auth has only one entry. apiVersion: v1 data: mapRoles: | -…
0 votes, 1 answer

edits to clusterrole "view" are not persisted in aws eks?

aggregationRule: clusterRoleSelectors: - matchLabels: rbac.authorization.k8s.io/aggregate-to-view: "true" apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: rbac.authorization.kubernetes.io/autoupdate:…
DmitrySemenov
0 votes, 0 answers

kubernetes auth error: impersonation request has been denied, group header value is not allowed in roles

I'm unable to impersonate as group in kubernetes 1.21 ✗ k version Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.1",…
DmitrySemenov
0 votes, 2 answers

I am getting a permission issue (cannot create resource "Job" in API group "batch") while creating jobs via sensors of argo-events

I am trying to trigger a job creation from a sensor but I am getting the error below: Job.batch is forbidden: User \"system:serviceaccount:samplens:sample-sa\" cannot create resource \"Job\" in API group \"batch\" in the namespace…
TruckDriver
0 votes, 1 answer

Allowing helm hooks (jobs) to create k8s resources

I want to run a pre-install helm hook. This will run a job that will be using a custom image whose entrypoint will be executing the following command: kubectl create secret generic my-secret --from-literal=foo=bar Can this action be permitted via…
pkaramol
0 votes, 0 answers

RBAC yaml syntax/structure of Rolebinding group to system:masters

Update: syntax definition - I am aware that it is just a name, but it is some structured name/string. In the following rolebinding, what is the colon in subject: - apiGroup"system:masters" doing - it is not a URL, is it a YAML reference syntax…
Chris G.
  • 23,930
  • 48
  • 177
  • 302