https://<hostname>/apis/extensions/v1beta1/namespaces/prod/deployments
note that deployments is the only one which is not working, secrets, pods
are all works.
On Friday, May 5, 2017 at 2:12:41 AM UTC-4, Jordan Liggitt wrote:
>
> Can you run the same comment with --v=6 to see what URL is getting denied?
>
> Your policy rule limits permissions to the prod namespace. Does the
> deployment you are trying to apply specify a different namespace?
>
>
> On Thursday, May 4, 2017 at 6:13:10 PM UTC-4, Sen Han wrote:
>>
>> I am using kubernetes 1.3 and having policyfile configed like this
>>
>> {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind":
>> "Policy", "spec": {"user": "admin", "namespace": "prod", "resource": "*",
>> "apigroup": "*", "nonResourcePath": "*"}}
>> when I do kubectl get po it is working just fine.
>> but when I try to 'kubectl apply -f deployment.yml', it throws error
>> about does not allow access to the requested resource (get
>> depl.oyments.extensions)
>> turns out to be the reason is:
>> "kubectl get deployment" throws access denied error
>> same error as "kubectl get no".
>> Is deployment considered to be cross namespace resource type? Or this is
>> a bug? Has anyone encountered this before?
>>
>>
>>
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
