Reputation: 113
kubectl auth can-i create deployments --namespace default --as root Always returns no
I am experimenting with API Access permissions using below command as explained in https://kubernetes.io/docs/admin/authorization/
kubectl auth can-i create deployments --namespace dev
I am logged in as root so this gave 'Yes'. But I wanted to confirm if it works with below as well:
kubectl auth can-i create deployments --namespace default --as root
However, it returned 'no'. As per the documentation, the above command is used to check if other users have access to use 'create deployments' api. I assumed that for root, it will always return yes. I am still logged in as root and trying to verify the above. Has anyone faced a similar issue?
Thanks, Niti
Upvotes: 0
Views: 1624
Answers (1)
Reputation: 18111
Were permissions granted directly to the username "root" or to a group the root user is a member of?
To check permissions including group memberships with --as, you also need to specify the user's groups with --as-group
For example, if the root user is in the system:masters group:
… --as=root --as-group=system:authenticated --as-group=system:masters
Upvotes: 1
Related Questions
- Why is kubectl not asking for a password?
- Unable to create deployment in a namespace with service account, ClusterRole and ClusterRolebinding created
- kubectl: error You must be logged in to the server (Unauthorized)
- kubectl "error: You must be logged in to the server (Unauthorized)" using kubectx, while no error if used the same config directly
- How do I authenticate with Kubernetes kubectl using a username and password?
- kubernetes: Authentication to ui with default config file fails
- I cannot run kubectl get nodes as root. Why?
- Why does Kubernetes' "kubectl" abort with “Authorization error”?
- Using kubectl with Kubernetes authorization mode ABAC