I given User permissions pods read only permission but user able to delete the pod what is the issue

pbprasad102 · July 24, 2024, 6:01am

I create role and rolebindging for a user prasad view pods list pods but user able to delete pods is the issue

rob_kodekloud · July 24, 2024, 9:11pm

What’s the actual YAML of the role? Simplest explanation would be the role is not correctly coded.

pbprasad102 · July 25, 2024, 6:21am

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: cube2
name: pod-viewer
rules:

apiGroups: [“”]
resources: [“pods”]
verbs: [“get”, “list”, “watch”]

rob_kodekloud · July 25, 2024, 6:35am

I assume that in NS cube2 you have a rolebinding assigned to that role and user “prasad”. What do you see if you do

kubectl -n cube2 auth can-i delete pod --as prasad

You aren’t saying how you tested the deletion of pods; perhaps you were not running the command as user prasad.

pbprasad102 · July 28, 2024, 1:16am

I am using this command output “NO”.

rob_kodekloud · July 28, 2024, 1:24am

Then if you are running the command --as prasad, it will fail. If you are succeeding, most likely you are NOT running as prasad So how are you doing the delete?

The following command is marked as “experimental”, but it works for me on my local cluster. Try it:

kubectl auth whoami