Can you run the same comment with --v=6 to see what URL is getting denied?
Your policy rule limits permissions to the prod namespace. Does the
deployment you are trying to apply specify a different namespace?
On Thursday, May 4, 2017 at 6:13:10 PM UTC-4, Sen Han wrote:
>
> I am using kubernetes 1.3 and having policyfile configed like this
>
> {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind":
> "Policy", "spec": {"user": "admin", "namespace": "prod", "resource": "*",
> "apigroup": "*", "nonResourcePath": "*"}}
> when I do kubectl get po it is working just fine.
> but when I try to 'kubectl apply -f deployment.yml', it throws error about
> does not allow access to the requested resource (get
> depl.oyments.extensions)
> turns out to be the reason is:
> "kubectl get deployment" throws access denied error
> same error as "kubectl get no".
> Is deployment considered to be cross namespace resource type? Or this is a
> bug? Has anyone encountered this before?
>
>
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
