sherlock

Reputation: 2807

cronjobs.batch is forbidden on a kubernetes pod

I am new to Kubernetes administration. While trying to list and set up new cronjobs, one of the users is getting the following error:

Error from server (Forbidden): cronjobs.batch is forbidden: User cannot list cronjobs.batch in the namespace

The role while creating this user:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: <user>
  name: <user>-role
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]

The role binding while creating this user:

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: <user>-role-binding
  namespace: <user>
subjects:
- kind: User
  name: <user>
  apiGroup: ""
roleRef:
  kind: Role
  name: <user>-role
  apiGroup: ""

What could the issue possibly be?

Upvotes: 4

Views: 10095

Answers (1)

helmbert

Reputation: 38004

The CronJob resource belongs to the batch API group.

In your RBAC role, you have only granted access to the core (empty name), extensions and apps API groups.

To enable your user to access CronJob objects, add the batch API group to your RBAC role:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: <user>
  name: <user>-role
rules:
- apiGroups: ["", "extensions", "apps", "batch"]
  resources: ["*"]
  verbs: ["*"]

Upvotes: 11
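
Why the question's role is denied and the answer's role is allowed, as an added example that is not part of the original answer: a simplified Python model of RBAC rule matching (it ignores resourceNames, subresources and non-resource URLs). `NARROW_ROLE` is a constructed, tighter alternative to the wildcard grant on batch, not something the answer proposes.

```python
# Added example: simplified model of Kubernetes RBAC rule matching.
# Roles are plain dicts mirroring the YAML on this page.

def rule_allows(rule, api_group, resource, verb):
    """A rule matches only if group, resource AND verb all match; "*" is a wildcard."""
    def matches(allowed, value):
        return "*" in allowed or value in allowed
    return (matches(rule["apiGroups"], api_group)
            and matches(rule["resources"], resource)
            and matches(rule["verbs"], verb))

def role_allows(role, api_group, resource, verb):
    """RBAC is additive: one matching rule grants the request; no match means deny."""
    return any(rule_allows(r, api_group, resource, verb) for r in role["rules"])

# Role from the question: resources "*" only applies inside the listed API groups.
QUESTION_ROLE = {"rules": [
    {"apiGroups": ["", "extensions", "apps"], "resources": ["*"], "verbs": ["*"]},
]}
# Role from the answer: "batch" added to the same wildcard rule.
ANSWER_ROLE = {"rules": [
    {"apiGroups": ["", "extensions", "apps", "batch"], "resources": ["*"], "verbs": ["*"]},
]}
# Constructed variant (assumption, not from the page): scoped grant on batch.
NARROW_ROLE = {"rules": [
    {"apiGroups": ["", "extensions", "apps"], "resources": ["*"], "verbs": ["*"]},
    {"apiGroups": ["batch"], "resources": ["cronjobs", "jobs"],
     "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"]},
]}

# Constructed sample requests as (apiGroup, resource, verb).
REQUESTS = [
    ("batch", "cronjobs", "list"),
    ("", "pods", "list"),
    ("apps", "deployments", "create"),
    ("batch", "cronjobs", "deletecollection"),
]

def evaluate(role):
    """Return {request: allowed} for every sample request."""
    return {req: role_allows(role, *req) for req in REQUESTS}

if __name__ == "__main__":
    roles = [("question", QUESTION_ROLE), ("answer", ANSWER_ROLE), ("narrow", NARROW_ROLE)]
    for name, role in roles:
        for (group, resource, verb), ok in evaluate(role).items():
            print(f"{name:8} {verb:16} {resource}.{group or 'core'}: {'allow' if ok else 'deny'}")
```

On a live cluster, `kubectl auth can-i list cronjobs.batch --as <user> -n <namespace>` asks the API server the same question.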
