Stack Overflow
Stack Overflow

Questions tagged [k8s-cluster-role]

23 questions
2
votes
2 answers

List permission of specific user in openshift

I would like to know how to list all the permission belongs to a specific user/ group. I am using oc describe clusterrolebinding | grep and but I don't think that is correct.
sloweriang
  • 308
  • 4
  • 19
1
vote
1 answer

Error "cannot unmarshal array into Go struct field ClusterRoleBinding.roleRef of type v1.RoleRef" when crewating ClusterRoleBinding in Kubernetes

I'm trying to create a ClusterRoleBinding for an exercise in a course with the YAML file below: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: nodes-admin rules: - apiGroups: [""] resources: - nodes …
brandizzi
  • 26,083
  • 8
  • 103
  • 158
1
vote
0 answers

Getting authorization error after upgrading EKS to version 1.25 (user=kube-apiserver-kubelet-client, verb=get, resource=nodes, subresource=proxy)

All my permissions were working fine before. After upgrading to EKS 1.25, I started getting the error below when doing kubectl logs pod -n namespace I tried to debug it. I look at the configMap, clusterRole and RoleBinding. I don't see any apparent…
cloudviz
  • 971
  • 4
  • 15
  • 40
1
vote
1 answer

Deploy ServiceAccount, ClusterRole & ClusterRoleBinding failure

My NodeJS microservice is deployed to k8s cluster. I would like this microservice to access the k8s API server. For that, I guess I need to create a ServiceAccount for it. So I did this: apiVersion: v1 kind: ServiceAccount metadata: name:…
user842225
  • 5,445
  • 15
  • 69
  • 119
1
vote
4 answers

How to startup old k8s cluster without losing pods and data?

I have a old k8s cluster with 1 master and 2 workers node. It was shutdown for a long time. Now I started it. It had many running pods and deployments. After restart the VM's all k8s command return The connection to the server 123.70.70.70:6443 was…
tauqeerahmad24
  • 358
  • 8
1
vote
3 answers

How to configure a ClusterRole for namespaced resources

I want to allow a ServiceAccount in namespace A to access a resource in namespace B. To achieve this I connect the ServiceAccount to a ClusterRole via a ClusterRoleBinding. The documentation says I can "use a ClusterRole to [1.] define permissions…
Natjo
  • 2,005
  • 29
  • 75
0
votes
0 answers

ansible-playbook Kubernetes node creation issue: Create kubeadm token for joining nodes with 24h expiration (default)] : failed

I am facing issue configuring node using ansible-playbook. After executing the ansible-playbook command, i get below error: Create kubeadm token for joining nodes with 24h expiration (default)] I checked using " journalctl -xeu kubelet" on node PC.…
user_1326
  • 1
0
votes
1 answer

How to Add HostPort prometheus-rancher-monitoring-prometheus to query from external nodes

I have prometheus-rancher-monitoring-prometheus pod running in one of the nodes in the cluster inside the Namespace: cattle-monitoring-system. I can access the prometheus within the cluster through the containerPort 9090. I would like to access this…
ramesh k
  • 23
  • 6
0
votes
2 answers

can kubernetes role override clusterrole?

For example I have a role that gives permission to user get list of pods from specific namespace. And I have a clusterRole that gives permission to user get list of pods from all namespaces. can user get all pods from all namespaces? or does role…
Murat Cabuk
  • 81
  • 7
0
votes
1 answer

What's the story of kubelet's authorization mechanics and unnecessary ClusterRoleBindings?

i try to understand a simple and basic kubeadm init control plane setup. The kubeconfig file in /etc/kubernetes/kubelet.conf is used by the kubelet process at startup time: ubuntu@c1:~$ ps -ef | grep kubelet | sed s/\\s--/\\n--/g root 35361 …
Kurisu
  • 1
  • 3
0
votes
1 answer

Node master status notReady

I create a cluster k8s without internet.when i run kubeadm init --apiserver-advertise-address=... --pod-network-cidr=... everything's fine. But I run kubectl get pod -A. coredns pending. i tried using calico network but still get the same …
nctao
  • 1
0
votes
1 answer

Create secret for my service account but the created service account always show me 0 secret associated with it

My NodeJS microservice is deployed to k8s cluster. I am running this with my local Docker Desktop k8s environment. I would like this microservice to access the k8s API server. For that, I guess I need to create a ServiceAccount for it. So I did…
user842225
  • 5,445
  • 15
  • 69
  • 119
0
votes
0 answers

Restarting Deployments in AKS Cluster from inside a container

I have a program which can fire kubectl commands to fetch all the namespaces and then loop through each namespace to restart the deployments present in that namespace. This program is on my machine and I want to deploy it to the AKS Cluster and…
Abhijit
  • 25
  • 5
0
votes
1 answer

Allow K8s serviceAccount to read clusterroles, problem when trying to deploy ingress-nginx helm chart with jenkins

I'm trying to deploy ingress-nginx helm chart to K8s with Jenkins running in container. Kubernetes version: 1.25.4 and Helm chart: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx I have created service account for Jenkins to access…
mr.Gray
  • 51
  • 5
0
votes
0 answers

How to access Kubernetes API?

Lets say I need to access my kubernetes API directly by address, e.g. https://1.2.3.4:6443. So I create a service account, a token and a role binding, like this: apiVersion: "v1" kind: "Namespace" metadata: name: "test" --- apiVersion: "v1" kind:…
morot
  • 1
  • 1
1
2