kubectl auth can-i create deployments --namespace default --as root Always returns no

1/7/2018

I am experimenting with API access permissions using the command below, as explained in https://kubernetes.io/docs/admin/authorization/

kubectl auth can-i create deployments --namespace dev

I am logged in as root, so this gave 'Yes'. But I wanted to confirm whether it works with the command below as well:

kubectl auth can-i create deployments --namespace default --as root

However, it returned 'no'. As per the documentation, the above command is used to check whether other users have access to the 'create deployments' API. I assumed that for root, it will always return yes. I am still logged in as root and trying to verify the above. Has anyone faced a similar issue?

Thanks, Niti

-- userNB13
authorization
kubernetes

1 Answer

1/8/2018

Were permissions granted directly to the username "root" or to a group the root user is a member of?

To check permissions including group memberships with --as, you also need to specify the user's groups with --as-group.

For example, if the root user is in the system:masters group:

--as=root --as-group=system:authenticated --as-group=system:masters
-- Jordan Liggitt
Source: StackOverflow
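
The answer's point, as an added example that is not part of the original thread and not Kubernetes code: a simplified model of RBAC subject matching in which the authorizer sees only the user name and groups sent with the request. Subject, Rule, Binding, can_i and check are hypothetical names, and the policy is constructed to match the answer's "root is in system:masters" case.

```python
# Simplified model of RBAC subject matching (constructed; not Kubernetes source).
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    kind: str   # "User" or "Group"
    name: str

@dataclass(frozen=True)
class Rule:
    verbs: tuple
    api_groups: tuple
    resources: tuple

@dataclass(frozen=True)
class Binding:
    namespace: object  # None models a cluster-wide binding
    subjects: tuple
    rules: tuple

def _matches(allowed, value):
    return "*" in allowed or value in allowed

def can_i(bindings, user, groups, verb, api_group, resource, namespace):
    """Return True if any binding grants the request to this exact identity."""
    for b in bindings:
        if b.namespace is not None and b.namespace != namespace:
            continue
        # Group membership is never looked up: only the supplied groups count.
        if not any((s.kind == "User" and s.name == user) or
                   (s.kind == "Group" and s.name in groups) for s in b.subjects):
            continue
        if any(_matches(r.verbs, verb) and _matches(r.api_groups, api_group)
               and _matches(r.resources, resource) for r in b.rules):
            return True
    return False

# Constructed policy: the only grant is to a group, not to the user "root".
BINDINGS = (
    Binding(None, (Subject("Group", "system:masters"),),
            (Rule(("*",), ("*",), ("*",)),)),
)

def check(as_user, as_groups=()):
    # Models: kubectl auth can-i create deployments --namespace default --as/--as-group
    return can_i(BINDINGS, as_user, set(as_groups), "create", "apps", "deployments", "default")

if __name__ == "__main__":
    print(check("root"), check("root", ["system:authenticated", "system:masters"]))
```

The model ignores any groups the API server may add on its own; it only shows that a grant made to a group is invisible to a check that names the user alone.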