How to grant limited user access for Kubernetes?
Linode
Linode Staff
I'm inviting a partner to cooperate on a kubernetes projects with me, but when I set limited access to only nodes, nodebalancer, blockstorage etc… they cannot see the kubernetes section.
It always shows "unauthorized access".
They can see the nodes from that cluster fine in the Linodes section but they cannot download Kubeconfig etc… Just everything from Kubernetes is unavailable.
The only way to give access to Kubernetes is with full accounting access.
I think there is a bug in the permissions section.
3 Replies
jcardillo
Linode Staff
This is currently a limitation with LKE and limited users that the LKE team is aware of. We don't have an ETA for when this will be addressed.
One potential workaround could be the following:
- Create a new api token (https://cloud.linode.com/profile/tokens) that gives read/write access to Kubernetes only.
- Have the developer run the following curl command with the new token:
curl -H "Authorization: Bearer $KUBE_TOKEN" \
https://api.linode.com/v4/lke/clusters/14292/kubeconfig
The output will be in base64 format, which can be decoded using something like this:
https://www.base64decode.org/
If needed, here is our documentation on getting started with the Linode API. They'd need to first store the token as a temporary (or environmental) variable. For example:
KUBE_TOKEN=<token_string>
For more information regarding what can be done with Kubernetes via our API, please see the following:
https://www.linode.com/docs/api/linode-kubernetes-engine-lke/
I can't work collaboratively if I can't grant specific permissions to LKE. I really need this to be fixed.
Any word on this? It still seems to be an issue.