I gave namespace admin privilege to user 'X', he is unable to create deployments/configmaps from kubectl client. He is able to create them from K8s Dashboard(UI). Also he is not able to delete the deployments/configmaps from K8s Dashboard(UI),he need to use kubectl client for deleting deployments/configmaps.
The below snippets are the roles & Cluster roles which are binded to user 'X':
The below role states the user 'X' will have all the permissions within the namespace(ns):
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ns-admin-role
namespace: ns
rules:
Created Role Binding using command line:
kubectl create rolebinding {{usr}}-{{ns}}-admin-rolebinding --role=\"{{ns}}-admin-role\" --user={{usr}} --namespace=\"{{ns}}\"
In order to view the Dashboard UI.Some "Default Dashboard privileges of K8s v1.8" need to be set. Those have been setted like below:
kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: kube-system name: user-role-dashboard rules:
Created Role Binding using command line:
kubectl create rolebinding {{usr}}-dashboard-role-binding --role=\"user-role-dashboard\" --user={{usr}} --namespace=\"kube-system\"
The below snippet is for viewing the list of namespaces in the Dashboard UI:
kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: ns-view-clusterrole rules:
Created Cluterrole Binding using command line:
kubectl create clusterrolebinding {{usr}}-ns-view-clusterrolebinding --clusterrole=\"ns-view-clusterrole\" --user={{usr}}
Is it K8s issue? or Did I miss anything?