-
Notifications
You must be signed in to change notification settings - Fork 249
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Kubectl cnpg status forbidden for non cluster-admins #4522
Labels
triage
Pending triage
Comments
Discussed in slack https://cloudnativepg.slack.com/archives/C03AX0J5P29/p1715100923959049 |
In my environment above issue does not occur with plugin |
leonardoce
added a commit
that referenced
this issue
May 15, 2024
In the kubectl plugin, when getting the list of PodDisruptionBudgets, the code wasn't restricting the selection to the namespace where the target Cluster resource has been created. This patch fixes that, with the added benefit of restricting the set of privileges needed by the user. Fixes #4522 Signed-off-by: HaveFun83 <38665716+HaveFun83@users.noreply.github.com> Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
cnpg-bot
pushed a commit
that referenced
this issue
May 15, 2024
In the kubectl plugin, when getting the list of PodDisruptionBudgets, the code wasn't restricting the selection to the namespace where the target Cluster resource has been created. This patch fixes that, with the added benefit of restricting the set of privileges needed by the user. Fixes #4522 Signed-off-by: HaveFun83 <38665716+HaveFun83@users.noreply.github.com> Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> (cherry picked from commit 7420aed)
cnpg-bot
pushed a commit
that referenced
this issue
May 15, 2024
In the kubectl plugin, when getting the list of PodDisruptionBudgets, the code wasn't restricting the selection to the namespace where the target Cluster resource has been created. This patch fixes that, with the added benefit of restricting the set of privileges needed by the user. Fixes #4522 Signed-off-by: HaveFun83 <38665716+HaveFun83@users.noreply.github.com> Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> (cherry picked from commit 7420aed)
cnpg-bot
pushed a commit
that referenced
this issue
May 15, 2024
In the kubectl plugin, when getting the list of PodDisruptionBudgets, the code wasn't restricting the selection to the namespace where the target Cluster resource has been created. This patch fixes that, with the added benefit of restricting the set of privileges needed by the user. Fixes #4522 Signed-off-by: HaveFun83 <38665716+HaveFun83@users.noreply.github.com> Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> (cherry picked from commit 7420aed)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue already for this bug?
I have read the troubleshooting guide
I am running a supported version of CloudNativePG
Contact Details
No response
Version
older in 1.22.x
What version of Kubernetes are you using?
1.28
What is your Kubernetes environment?
Other
How did you install the operator?
Helm
What happened?
Kubectl pulgin version: v1.23.1
When using "kubectl cnpg status" as namespaced admin the following error occured
and no status is printed
Maybe a regression of #4319
Cluster resource
No response
Relevant log output
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: