Authorization issue

Sky_High · June 25, 2021, 5:31pm

Hi Guys, I created two users and setup authentication but without any authorization given these users are able to access all the objects in all namespaces including cluster objects. Can anyone let me know what went wrong?

root@kmaster:/home/certs/jazz# kubectl --kubeconfig=/home/certs/jazz/users.conf config view
apiVersion: v1
clusters:

cluster:
certificate-authority: /etc/kubernetes/pki/ca.crt
server: https://10.128.0.9:6443
name: kubernetes
contexts:
context:
cluster: kubernetes
user: user5
name: user5@kubernetes
context:
cluster: kubernetes
user: user6
name: user6@kubernetes
current-context: user6@kubernetes
kind: Config
preferences: {}
users:
name: user5
user:
client-certificate: /home/certs/jazz/user5.crt
client-key: /home/certs/jazz/user5.key
name: user6
user:
client-certificate: /home/certs/jazz/user6.crt
client-key: /home/certs/jazz/user6.key
root@kmaster:/home/certs/jazz#
10:46
root@kmaster:/home/certs/jazz# kubectl get role
No resources found in default namespace.
root@kmaster:/home/certs/jazz# kubectl get rolebinding
No resources found in default namespace.
root@kmaster:/home/certs/jazz# kubectl get role -n iit
No resources found in iit namespace.
root@kmaster:/home/certs/jazz# kubectl get rolebinding -n iit
No resources found in iit namespace.
root@kmaster:/home/certs/jazz# kubectl --kubeconfig=/home/certs/jazz/users.conf config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
user5@kubernetes kubernetes user5

    user6@kubernetes   kubernetes   user6

root@kmaster:/home/certs/jazz# kubectl --kubeconfig=/home/certs/jazz/users.conf get pods
NAME READY STATUS RESTARTS AGE
secasenvdep-86c855b8b-czzhc 1/1 Running 0 25h
secasenvdep-86c855b8b-dz88q 1/1 Running 0 25h
secasenvdep19-5dd4575dbd-684wt 1/1 Running 0 23h
secasenvdep19-5dd4575dbd-kmdgp 1/1 Running 0 23h
secasenvdep199-797bcdc8c5-8jc24 1/1 Running 0 23h
secasenvdep199-797bcdc8c5-pckgr 1/1 Running 0 23h
secasvoldep-675f65f5c5-cw85b 1/1 Running 0 25h
secasvoldep-675f65f5c5-trnmc 1/1 Running 0 25h
secasvoldep19-65b7864ff6-495wh 1/1 Running 0 24h
secasvoldep19-65b7864ff6-kc5lp 1/1 Running 0 24h
root@kmaster:/home/certs/jazz#

Topic		Replies	Views
User with cluster-admin role and remote access to cluster General Discussions	0	298	July 31, 2023
User permission problem General Discussions	0	849	December 19, 2018
Getting Cert Issues querying API internally General Discussions	1	547	October 20, 2020
Kubectl fail all commands - forbidden General Discussions	3	1531	November 3, 2019
Kubctl logs -f gets authorizaation error General Discussions	0	4585	February 7, 2019

Authorization issue

Related Topics