I have an EKS cluster in which the role “xxxxxxxxx”, with which I am accessing the cluster, has the ClusterRole “eks:service-operations”. This does not have the permission to run $kubectl top pods or nodes.
- groups:
  - eks:service-operations
  rolearn: xxxxxxxxxxx
When I run $kubectl top nodes or pods, it is giving unauthorized, which is expected.
However, when I run $kubectl auth can-i list pod/metrics or $kubectl auth can-i get pod/metrics, I get “yes”, which is not expected.