What happened?
I am trying to set up a user that will have permissions to run Helm install/upgrade/delete on a specific namespace. (For my CI/CD system.)
For example, if the user tries to run a helm upgrade --install with --namespace=dev then it works just fine. But if they try --namespace=prod it should fail.
However, I couldn't make it work with rbac-manager, and I am getting an error that the user needs higher privileges.
The error message is: "cannot create resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope"
This is the setup I'm using:
If I change the clusterRole in clusterRoleBindings to cluster-admin, it works, but there is no restriction to a specific namespace.
The command can run on any namespace.
What did you expect to happen?
helm upgrade/install runs ok on namespace with label "dev"
helm upgrade/install fails on namespace with label "prod"
How can we reproduce this?
helm install awx-operator awx-operator/awx-operator -n dev-namespace
Error: INSTALLATION FAILED: failed to install CRD crds/customresourcedefinition-awxbackups.awx.ansible.com.yaml: 1 error occurred:
* customresourcedefinitions.apiextensions.k8s.io is forbidden: User "dev@example.com" cannot create resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
Version
awx-operator/awx-operator
shlomiarfa changed the title from "Cant define users with helm install previlded" to "Can't define users with helm install privilege with Rbac-Manager" on Apr 9, 2024
shlomiarfa changed the title from "Can't define users with helm install privilege with Rbac-Manager" to "Can't define users with helm install privilege" on Apr 9, 2024
shlomiarfa changed the title from "Can't define users with helm install privilege" to "Can't define users with helm install permissions for specific namespace" on Apr 9, 2024
shlomiarfa changed the title from "Can't define users with helm install permissions for specific namespace" to "Can't define users with helm install permissions for a specific namespace" on Apr 9, 2024
The issue here isn't rbac-manager, but plain RBAC. To install that chart, apparently the user needs the ability to create apiextensions, and the edit role that you're providing doesn't have that access.
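The split the comment above points to, as an added example in plain Kubernetes RBAC (not part of the original thread and not the reporter's rbac-manager configuration): CustomResourceDefinitions are cluster-scoped, so only a ClusterRoleBinding can authorize creating them, while the edit role stays confined to one namespace through a RoleBinding. The object names ci-crd-installer and ci-edit are hypothetical, the verb list is an assumption, and the manifest addresses only the CRD error quoted in the issue; other resources in the chart may need further rules.

```yaml
# Added example; names marked "hypothetical" are not from the thread.
# Cluster scope: CRDs have no namespace, so no RoleBinding can grant this.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ci-crd-installer            # hypothetical
rules:
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "list", "create"]  # assumed minimum for a first install
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ci-crd-installer            # hypothetical
subjects:
  - kind: User
    name: dev@example.com           # user from the error message
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: ci-crd-installer
  apiGroup: rbac.authorization.k8s.io
---
# Namespace scope: the built-in edit ClusterRole, bound in one namespace only.
# With no equivalent binding in a prod namespace, namespaced writes there
# are still denied.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-edit                     # hypothetical
  namespace: dev-namespace          # namespace from the reproduction command
subjects:
  - kind: User
    name: dev@example.com
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
```

The ClusterRoleBinding lets this user create CRDs that are visible in every namespace; where that is too broad, a cluster administrator can install the chart's CRDs once and the CI user can run helm install with --skip-crds.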