Menu
I'm trying to install a helm package on a kubernetes cluster which allegedly has RBAC disabled. I'm getting a permission error mentioning clusterroles.rbac.authorization.k8s.io, which is what I'd expect if RBAC was enabled.
Is there a way to check with kubectl whether RBAC really is disabled?
What I've tried:
kubectl describe nodes --all-namespaces | grep -i rbac : nothing comes upkubectl describe rbac --all-namespaces | grep -i rbac : nothing comes upkubectl config get-contexts | grep -i rbac : nothing comes upk get clusterroles it says "No resources found", not an error message. So does that mean that RBAC is enabled?kuebctl describe cluster isn't a thingI'm aware that maybe this is the x-y problem because it's possible the helm package I'm installing is expecting RBAC to be enabled. But still, I'd like to know how to check whether or not it is enabled/disabled.
879
RBAC in Kubernetes is the mechanism that enables you to configure fine-grained and specific sets of permissions that define how a given user, or group of users, can interact with any Kubernetes object in cluster, or in a specific Namespace of cluster.
You can check this by executing the command kubectl api-versions; if RBAC is enabled you should see the API version .rbac.authorization.k8s.io/v1.
In AKS, the best way is to check the cluster's resource details at resources.azure.com. If you can spot "enableRBAC": true, your cluster has RBAC enabled. Please note that existing non-RBAC enabled AKS clusters cannot currently be updated for RBAC use. (thanks @DennisAmeling for the clarification)
114
I wish there was a better way but what I use is:
$ kubectl cluster-info dump | grep authorization-mode If you can execute it you should either see RBAC listed there or not, and if you don't have the permissions to do it, well, chances are that RBAC is enabled.
43
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
