Hi,
I followed the Kubernetes Docs to create a user with a private key and certificate, then I defined a ClusterRoleBinding for this user with the cluster-admin ClusterRole that is supposed to give him full access to all rights in the cluster, for all namespaces.
I configured my local kubeconfig with the user access to my cluster, and when I use kubectl to access my cluster, the certificate is accepted but I have a forbidden access error on all the commands.
My ClusterRoleBinding manifest is
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: clusterrole-[USERNAME]
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: [USERNAME]
I thought that the cluster-admin role was enough to grant all access to the user, but it seems I missed something. Any idea ?
Cluster information:
Kubernetes version: 1.27.3
Cloud being used: bare-metal
Installation method: K3S
Host OS: Debian 12
CNI and version: Flannel
CRI and version: Containerd