
I have a user named rbacWriterAndConsoleNsReader in my Azure portal and assigned him the Azure Kubernetes Service Cluster User role and the Azure Kubernetes Service RBAC Writer role (scope = full cluster).

But when I try to list namespaces or even pods, it shows the error below:

```
Error from server (Forbidden): namespaces is forbidden: User "rbacWriterAndConsoleNsReader@mayankprac2outlook.onmicrosoft.com" cannot list resource "namespaces" in API group "" at the cluster scope
```

PS: NO YAML files should be used (as the role here is an in-built role provided by Azure); all must be done through the Azure CLI.

Where am I going wrong? Can anyone please explain?

Thanks in advance!

Suresh Vishnoi
Mayank
  • Hi Mayank, could you share the error when you get the pods? – Suresh Vishnoi Nov 03 '21 at 14:53
  • Have you enabled Azure RBAC for Kubernetes Authorization using `--enable-azure-rbac`? See this for an explanation - https://stackoverflow.com/questions/69631070/azure-rbac-and-aks-not-working-as-expected – YK1 Nov 03 '21 at 20:05
  • @YK1 - Yes, I have enabled Azure RBAC for Kubernetes authorization using `--enable-azure-rbac` while creating the cluster. Moreover, I enabled Azure AAD too using `--enable-aad` – Mayank Nov 05 '21 at 05:40
  • @SureshVishnoi, the error when I get the pods is: `Error from server (Forbidden): pods is forbidden: User "rbacWriterAndConsoleNsReader@mayankprac2outlook.onmicrosoft.com" cannot list resource "pods" in API group "" in the namespace "abc1"`, where 'abc1' is the name of a namespace – Mayank Nov 05 '21 at 06:11

0 Answers