K
Q

how to access namespaces in kubernetes using rest api?

5/22/2019

I am unable to get list of namespaces using rest api and rest end point is https://<localhost>:8001/api/v1/namespaces

Using this kubernetes document:

I am using postman. I will repeat the steps:

  1. Created a user and given cluster admin privileges:

kubectl create serviceaccount exampleuser

  1. Created a rolebinding for our user with cluster role cluster-admin:

kubectl create rolebinding <nameofrolebinding> --clusterrole cluster-admin --serviceaccount default:exampleuser

  1. Checked rolebinding using:

kubectl describe rolebinding <nameofrolebinding>

  1. Now by using:

kubectl describe serviceaccount exampleuser kubectl describe secret exampleuser-xxxx-xxxx

I will use token I got here to authenticate postman.

GET https://<ipofserver>:port/api/v1/namespace

AUTH using bearer token.

Expected result to list all namespaces in cluster. like kubectl get namespaces. But got a warning as follows.

{
    "kind": "Status",
    "apiVersion": "v1",
    "metadata": {},
    "status": "Failure",
    "message": "namespaces is forbidden: User \"system:serviceaccount:default:exampleuser\" cannot list resource \"namespaces\" in API group \"\" at the cluster scope",
    "reason": "Forbidden",
    "details": {
        "kind": "namespaces"
    },
    "code": 403
}

I have used "cluster-admin" clusterrole for the user, still getting authentication related error. please help.

-- naveen kumar
kubernetes
kubernetes-apiserver

Similar Questions

Two clusters on EKS, how to switch between them
Is it ok to disable docker0 bridge in k8s cluster?
Transformer function not working for Seldon Core
Filebeat not shipping all container logs
Modify Kubernetes cluster criSocket setting
Get contents of /etc/resolv.conf of coredns pod in kubernetes
Porting openshift operator to kubernetes cluster
Kubernetes beginner: trigger simple actions between apps

2 Answers

5/22/2019

so issue is instead of using rolebinding , i need to use clusterrolebinding check below

kubectl create rolebinding nameofrolebinding --clusterrole cluster-admin --serviceaccount default:exampleuser

kubectl create clusterrolebinding nameofrolebinding --clusterrole cluster-admin --serviceaccount default:exampleuser

rolebinding scope is upto a namespace and clusterrolebinding scope is entire cluster.

To work with api/v1/namespaces we need to use clusterrolebinding

-- naveen kumar
Source: StackOverflow
5/22/2019

You should use clusterrolebinding instead of rolebinding:

kubectl create clusterrolebinding <nameofrolebinding> --clusterrole cluster-admin --serviceaccount default:exampleuser

RoleBinding means permissions to a namespaced resources, but namespace is not a namespaced resources, you can check this by kubectl api-resouces.

More detail at rolebinding-and-clusterrolebinding:

Permissions can be granted within a namespace with a RoleBinding, or cluster-wide with a ClusterRoleBinding

-- menya
Source: StackOverflow