Questions tagged [k8s-rolebinding]

24 questions
3 votes, 2 answers

Restrict access of a K8s secret to a particular service account

I have a secret which contains very sensitive information. I want to make sure that this secret can only be accessed by a certain service account and nobody else. Using RBAC, I can tell which user can access which resources. But is there some way…
2 votes, 0 answers

Changing Role permissions for an active (in-use) ServiceAccount in Kubernetes

Suppose a simple RBAC setup in Kubernetes (assuming default namespace for simplicity): ServiceAccount + Role + RoleBinding; the role allows the get and list verbs for pods and pods/log; a Pod using the above ServiceAccount; the pod is running curl…
2 votes, 1 answer

Assign permissions to a set of K8s namespaces under the same regex?

We're creating dynamic test environments for our developers. Each environment goes into one namespace called test-, where is entered by the developer when creating the environment (we use Gitlab-CI for the automation). We want…
dev93
2 votes, 2 answers

List permission of specific user in openshift

I would like to know how to list all the permissions belonging to a specific user/group. I am using oc describe clusterrolebinding | grep and but I don't think that is correct.
sloweriang
1 vote, 0 answers

Getting authorization error after upgrading EKS to version 1.25 (user=kube-apiserver-kubelet-client, verb=get, resource=nodes, subresource=proxy)

All my permissions were working fine before. After upgrading to EKS 1.25, I started getting the error below when doing kubectl logs pod -n namespace. I tried to debug it. I looked at the configMap, clusterRole and RoleBinding. I don't see any apparent…
1 vote, 1 answer

Deploy ServiceAccount, ClusterRole & ClusterRoleBinding failure

My NodeJS microservice is deployed to k8s cluster. I would like this microservice to access the k8s API server. For that, I guess I need to create a ServiceAccount for it. So I did this: apiVersion: v1 kind: ServiceAccount metadata: name:…
user842225
1 vote, 1 answer

Error from server (BadRequest): container "spark-kubernetes-driver" in pod "test-run-spark" is waiting to start: trying and failing to pull image

minikube in mac os is not able to pull docker images from docker repository. Trying to run spark on k8s spark-submit --master k8s://https://ip:port --deploy-mode cluster --name test-run-spark --conf spark.kubernetes.container.image=Docker-image…
1 vote, 0 answers

kubernetes ABAC via resource labels

In K8s, is there any way to access the resources within a namespace on the basis of labels that are attached to them? RBAC access in K8s is primarily handled from a namespace level, so there are difficulties in adequately segmenting access to an app…
pooja acharya
1 vote, 1 answer

What am I missing in this kubernetes RBAC setup?

I want to run a pod that listens for updates to endpoint lists (I'm not yet ready to adopt the alpha-level feature of endpoint sets, but I'll expand to that eventually.) I have this code: package main import ( "fmt" "os" "os/signal" …
Jon Watte
0 votes, 1 answer

What's the story of kubelet's authorization mechanics and unnecessary ClusterRoleBindings?

I try to understand a simple and basic kubeadm init control plane setup. The kubeconfig file in /etc/kubernetes/kubelet.conf is used by the kubelet process at startup time: ubuntu@c1:~$ ps -ef | grep kubelet | sed s/\\s--/\\n--/g root 35361 …
0 votes, 1 answer

Create secret for my service account but the created service account always show me 0 secret associated with it

My NodeJS microservice is deployed to k8s cluster. I am running this with my local Docker Desktop k8s environment. I would like this microservice to access the k8s API server. For that, I guess I need to create a ServiceAccount for it. So I did…
user842225
0 votes, 0 answers

Restarting Deployments in AKS Cluster from inside a container

I have a program which can fire kubectl commands to fetch all the namespaces and then loop through each namespace to restart the deployments present in that namespace. This program is on my machine and I want to deploy it to the AKS Cluster and…
0 votes, 1 answer

Allow K8s serviceAccount to read clusterroles, problem when trying to deploy ingress-nginx helm chart with jenkins

I'm trying to deploy ingress-nginx helm chart to K8s with Jenkins running in container. Kubernetes version: 1.25.4 and Helm chart: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx I have created service account for Jenkins to access…
0 votes, 0 answers

How to access Kubernetes API?

Let's say I need to access my kubernetes API directly by address, e.g. https://1.2.3.4:6443. So I create a service account, a token and a role binding, like this: apiVersion: "v1" kind: "Namespace" metadata: name: "test" --- apiVersion: "v1" kind:…
0 votes, 1 answer

In Kubernetes, if I create a rolebinding with a serviceaccount subject without namespace defined, which sa is used?

I can create a rolebinding like this kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: test namespace: rolebinding-ns subjects: - kind: ServiceAccount name: default roleRef: apiGroup: rbac.authorization.k8s.io …