Kubernetes auth error: impersonation request has been denied, group header value is not allowed in roles

8/27/2021

I'm unable to impersonate a group in Kubernetes 1.21:

✗  k version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.1", GitCommit:"5e58841cce77d4bc13713ad2b91fa0d961e69192", GitTreeState:"clean", BuildDate:"2021-05-12T14:18:45Z", GoVersion:"go1.16.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.2-eks-0389ca3", GitCommit:"8a4e27b9d88142bbdd21b997b532eb6d493df6d2", GitTreeState:"clean", BuildDate:"2021-07-31T01:34:46Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}
✗  k auth can-i --as=dmitry --as-group=system:masters get pods -n argo-cd

Error from server: impersonation request has been denied, user header "dmitry" is not allowed in roles
✗  k auth can-i --as=dmitry --as-group=team:sso:bolrdswp-devops update secrets -n argo-cd

Error from server: impersonation request has been denied, group header "team:sso:bolrdswp-devops" value is not allowed in roles

So how do I impersonate a particular group in Kubernetes?

-- DmitrySemenov
kubernetes
kubernetes-rbac

0 Answers