User with cluster-admin role and remote access to cluster

cgx-system · July 31, 2023, 3:08pm

Hi,

I followed the Kubernetes Docs to create a user with a private key and certificate, then I defined a ClusterRoleBinding for this user with the cluster-admin ClusterRole that is supposed to give him full access to all rights in the cluster, for all namespaces.

I configured my local kubeconfig with the user access to my cluster, and when I use kubectl to access my cluster, the certificate is accepted but I have a forbidden access error on all the commands.

My ClusterRoleBinding manifest is

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: clusterrole-[USERNAME]
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: [USERNAME]

I thought that the cluster-admin role was enough to grant all access to the user, but it seems I missed something. Any idea ?

Cluster information:

Kubernetes version: 1.27.3
Cloud being used: bare-metal
Installation method: K3S
Host OS: Debian 12
CNI and version: Flannel
CRI and version: Containerd

Topic		Replies	Views
How can I setup cluster role or role to deny access to certain resources? General Discussions	4	7045	July 24, 2021
Authorization issue General Discussions	0	400	June 25, 2021
How to limit the scope of Namespace with ClusterRole? General Discussions development	4	16002	August 31, 2022
RBAC in kubernetes (CVE-2019-11253) General Discussions	3	1277	October 24, 2019
Kubernetes RBAC RoleBinding for multiple namespaces General Discussions	0	1637	March 27, 2020

User with cluster-admin role and remote access to cluster

Cluster information:

Related topics