I have the following role:
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: admin
When I do a kubectl proxy --port 8080 and then try doing
http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/cdp/deployments/{deploymentname}
I get a 200 and everything works fine. However when I do:
http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/cdp/deployments/{deploymentname}/status
I get forbidden and a 403 status back.
I am also able to do get, create, list, watch on deployments with my admin role.
Any idea as to why /status would give forbidden when I clearly have all the necessary permissions as admin for my namespace?
You mentioned verbs of the role and you didn't mention resources and apiGroup. Make sure the following are set:
    - apiGroups:
      - apps
      - extensions
      resources:
      - deployments/status

The status subresource doesn't give you any more information than simply fetching the deployment
The admin role permissions do not let you write deployment status. They let you create and delete the deployment objects, controlling the "spec" portion of the object. Status modification permissions are granted to the deployment controller.
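The answers above turn on the fact that RBAC treats `deployments/status` as a separate resource entry from `deployments`. The following is an added example, not code from the original posts or from Kubernetes itself: a simplified Python model of that matching logic. The rule contents are constructed for illustration and are not the actual contents of the `admin` ClusterRole.

```python
# Simplified model of Kubernetes RBAC rule matching for subresources.
# All rule data below is constructed sample input, not a real ClusterRole.

def resource_matches(rule_resources, resource, subresource=""):
    """A rule entry matches if it is '*', equals 'resource' (or
    'resource/subresource' for a subresource request), or is '*/subresource'."""
    combined = f"{resource}/{subresource}" if subresource else resource
    for entry in rule_resources:
        if entry == "*" or entry == combined:
            return True
        if subresource and entry == f"*/{subresource}":
            return True
    return False

def rule_allows(rule, verb, api_group, resource, subresource=""):
    return (
        ("*" in rule["verbs"] or verb in rule["verbs"])
        and ("*" in rule["apiGroups"] or api_group in rule["apiGroups"])
        and resource_matches(rule["resources"], resource, subresource)
    )

def allowed(rules, verb, api_group, resource, subresource=""):
    # RBAC is purely additive: any single matching rule grants access.
    return any(rule_allows(r, verb, api_group, resource, subresource) for r in rules)

# Constructed rule: full control of the deployment object, no subresources.
BASE_RULES = [{
    "apiGroups": ["apps", "extensions"],
    "resources": ["deployments"],
    "verbs": ["get", "list", "watch", "create", "delete"],
}]

# Constructed rule: read-only access to the status subresource.
STATUS_READ_RULE = {
    "apiGroups": ["apps", "extensions"],
    "resources": ["deployments/status"],
    "verbs": ["get"],
}

if __name__ == "__main__":
    print(allowed(BASE_RULES, "get", "extensions", "deployments"))            # object itself
    print(allowed(BASE_RULES, "get", "extensions", "deployments", "status"))  # subresource
    extended = BASE_RULES + [STATUS_READ_RULE]
    print(allowed(extended, "get", "extensions", "deployments", "status"))
    print(allowed(extended, "update", "extensions", "deployments", "status"))
```

Against a live cluster, `kubectl auth can-i get deployments --subresource=status -n cdp` reports the same decision for the current user.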