permissions issues

Question

permissions issues

Glenn Maxwell 12,876

Hi All

I have Azure Kubernetes service. When i check my permissions on the Kubernetes cluster, i have owner, contributor & user administrator access. i have a requirement to give access to Kubernetes resources i.e Namespaces to few other users. When i click on Namespaces i am getting the below error. experts guide me

namespaces is forbidden: User "@mydomain.com" cannot list resource "namespaces" in API group "" at the cluster scope. '@mydomain.com' does not have the required Kubernetes permissions to view this resource. Ensure you have the correct role/role binding for this user or group.

vipullag-MSFT 26,492 Reputation points Moderator

2024-01-10T01:08:11.4966667+00:00

Hello Glenn Maxwell

Any update on the issue?

Just checking in to see if you got a chance to see previous response.

If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2024-01-24T22:59:52.15+00:00

@Glenn Maxwell
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Accepted answer

0 additional answers

Your answer

vipullag-MSFT 26,492 Reputation points Moderator

2024-01-10T01:08:11.4966667+00:00

Hello Glenn Maxwell

Any update on the issue?

Just checking in to see if you got a chance to see previous response.

If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2024-01-24T22:59:52.15+00:00

@Glenn Maxwell
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Answer 1

Hello Glenn,

Thanks for contact Microsoft Q&A

The error you are getting is related with invalid Kubernetes RBAC permission's.
https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/user-cannot-get-cluster-resources

Currently AKS support Azure RBAC for Kubernetes Authorization or Kubernetes RBAC , both integrated with Microsoft Entra ID (previously Azure AD).

We recommend using Azure RBAC for Kubernetes Authorization, as it is simpler and easier to configure than Kubernetes RBAC, but it's your decision.

Since you are user with admin access, please make sure you add your user group as admin group on the cluster, this can be configured when you enabled the Microsoft Entra ID integration in the cluster. You can find the configuration steps in our documentation bellow.
https://learn.microsoft.com/en-us/azure/aks/enable-authentication-microsoft-entra-id#before-you-begin

Additionally, if you have also configured Azure RBAC for Kubernetes authorization, you can create a role assignment with the "Azure Kubernetes Service RBAC Cluster Admin" built-in role to any user/group to provide cluster admin privileges.
https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac#create-role-assignments-for-users-to-access-the-cluster

Please let me know if this help's to resolve your issue.

Share via

permissions issues

0 additional answers

Your answer