PiaklA
Reputation: 505
Cluster Rolebinding not working for GKE Cluster + OIDC settings
I followed all the instructions from here : https://console.cloud.google.com/kubernetes/clusters/details/us-central1-c/myapp/details?project=plenary-axon-332219&pli=1
So far I can log in successfully, but I cannot list any pods.
I tried checking different formats for the cluster role binding but still no difference
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: people-who-view-secrets
subjects:
- kind: User
name: Issuer_URI#email
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: secret-viewer
apiGroup: rbac.authorization.k8s.io
Has anyone seen this?
Upvotes: 0
Views: 140
Answers (1)
manal lamine
Reputation: 1
You need to add resources to manipulate
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: secret-viewer
rules:
- apiGroups: [""]
# The resource type for which access is granted
resources: ["secrets", "pods"] #here or namespaces , nodes
# The permissions granted by the ClusterRole
verbs: ["get", "watch", "list"]
Upvotes: 0
Related Questions
- Kubernetes: Diffrerence between RoleBinding and ClusterRoleBinding
- GKE RBAC role / rolebinding to access node status in the cluster
- Modify ClusterRole for Kubernetes
- kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user "$(gcloud config get-value account)" throws error
- Automatically Create ClusterRoleBinding on GKE for NGINX Ingress Controller
- Cannot create cluster role in GKE even though I am owner and admin
- Unable to create k8s 1.10 cluster on GKE (us-east1-d)
- Permissions on GKE cluster
- GKE clusterrolebinding for cluster-admin fails with permission error
- Cannot create clusterrolebinding on fresh GKE cluster