This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKR%3C/text%3E%3C/svg%3E)
Using Azure RBAC for Kubernetes Authorization, we have been able to grant users read access to most of our Kubernetes resources e.g. pods, deployments, configmaps, etc.
However, read access to nodes is still unauthorized. According to https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers#azure-kubernetes-service-rbac-reader, someone with the Azure Kubernetes Service RBAC reader role should also be able to list nodes, but kubectl get nodes doesn't work due to unauthorized access. Why is that? and how can I grant a user read-only access to nodes?
Screenshot below shows that the cluster has enabled Azure RBAC.