Can t list the deployment resources using RBAC

0 votes

I've given the x509 authentication for a user in kubernetes, but deployments access doesn't seem to be working fine.

Roles:

# kubectl get rolebindings devops-rb -n demo -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  creationTimestamp: 2018-03-26T13:43:49Z
  name: devops-rb
  namespace: demo
  resourceVersion: "2530329"
  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/demo/rolebindings/devops-rb
  uid: b6c17e28-30fb-11e8-b530-000d3a11bb2f
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: devops-role
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: devops

Role Bindings:

# kubectl get roles devops-role -n demo -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: 2018-03-26T13:43:49Z
  name: devops-role
  namespace: demo
  resourceVersion: "2538402"
  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/demo/roles/devops-role
  uid: b6bee0fb-30fb-11e8-b530-000d3a11bb2f
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - secrets
  - services
  - replicasets
  - persistentvolumeclaims
  - deployments
  verbs:
  - get
  - list
  - watch

Trying to list deployments using user config:

# kubectl --kubeconfig /root/.kube/config-tesla get deploy -n demo
Error from server (Forbidden): deployments.extensions is forbidden: User "tesla" cannot list deployments.extensions in the namespace "demo"

Trying to list deployments using the admin config:

# kubectl  get deploy -n demo
NAME              DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
wordpress         1         1         1            1           13d
wordpress-mysql   1         1         1            1           13d

Trying to list pods using user config:

# kubectl --kubeconfig /root/.kube/config-tesla get po -n demo
NAME                               READY     STATUS    RESTARTS   AGE
ncp-centos-pod                     1/1       Running   0          12d
wordpress-77d578745-vdgr9          1/1       Running   0          13d
wordpress-mysql-58cf8dc9f9-pzvbs   1/1       Running   0          13d

Trying to list pods using admin config:

# kubectl  get pods -n demo
NAME                               READY     STATUS    RESTARTS   AGE
ncp-centos-pod                     1/1       Running   0          12d
wordpress-77d578745-vdgr9          1/1       Running   0          13d
wordpress-mysql-58cf8dc9f9-pzvbs   1/1       Running   0          13d
Dec 28, 2018 in Kubernetes by shubham
 • 7,340 points 1,930 views

1 answer to this question.

0 votes

"extensions" and "apps" API groups cover replicasets and deployments.

try this:

rules:
- apiGroups:
  - ""
  resources:
  - pods
  - secrets
  - services
  - persistentvolumeclaims
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  - apps
  resources:
  - deployments
  - replicasets
  verbs:
  - get
  - list
  - watch
answered Dec 28, 2018 by DareDev
 • 6,890 points

Related Questions In Kubernetes

0 votes
1 answer

How to automate the rollback of deployment when it fails using helm and without timeout?

As it turns out, there is an ...READ MORE

answered Sep 18, 2020 in Kubernetes by Kim
 1,257 views
0 votes
1 answer

How do we list all the pods which are using the same service?

Hi, If you want to manage your pods ...READ MORE

answered Oct 5, 2020 in Kubernetes by MD
 • 95,440 points 393 views
0 votes
1 answer

Modifying a deployment without editing the file manually

You can try kubectl patch to do ...READ MORE

answered Aug 24, 2018 in Kubernetes by ajs3033
 • 7,300 points 2,081 views
0 votes
1 answer

Is it possible to access GCP resources using api without a user interaction.?

yes that's totally possible. You'd have to create ...READ MORE

answered Sep 19, 2018 in Kubernetes by Kalgi
 • 52,360 points 428 views
+6 votes
1 answer

Web UI (Dashboard): https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

Hey @nmentityvibes, you seem to be using ...READ MORE

answered Dec 13, 2018 in Kubernetes by Kalgi
 • 52,360 points 7,074 views
+1 vote
1 answer

set up kubernetes NGINX ingress in AWS with SSL termination

Try using ingress itself in this manner except ...READ MORE

answered Oct 10, 2018 in Kubernetes by Kalgi
 • 52,360 points 2,820 views
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17, 2019 in Others by anonymous
 14,612 views
+4 votes
1 answer

Installing Web UI (Dashboard):kubernetes-dashboard on main Ubuntu 16.04.6 LTS (Xenial Xerus) server

Follow these steps: $ kubeadm reset $ kubeadm init ...READ MORE

answered Apr 12, 2019 in Kubernetes by Kalgi
 • 52,360 points
reshown Apr 12, 2019 by Kalgi 6,098 views
0 votes
1 answer

deleting pods using kubernetes replication controller

The pods which are managed by ReplicationController ...READ MORE

answered Jul 24, 2018 in Kubernetes by DareDev
 • 6,890 points 873 views
0 votes
1 answer

Getting the pod's ip address for the container inside of it

You can make sure that the replication ...READ MORE

answered Aug 24, 2018 in Kubernetes by DareDev
 • 6,890 points 2,390 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.