You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My team runs clusters where we do not have a direct ClusterRoleBinding to the cluster-admin ClusterRole. We have granted ourselves the ability to impersonate users and set up a phony user that does have the ClusterRoleBinding. This forces us to do something akin to sudo when we want to perform risky operations.
In order to perform an administrative command, such as deleting a namespace, we can use kubectl like this:
kubectl delete ns example-ns --as phony-user
Please add support for doing user and group impersonation that leverages the standard k8s mechanisms linked above.
The text was updated successfully, but these errors were encountered:
My team runs clusters where we do not have a direct ClusterRoleBinding to the cluster-admin ClusterRole. We have granted ourselves the ability to impersonate users and set up a phony user that does have the ClusterRoleBinding. This forces us to do something akin to sudo when we want to perform risky operations.
In order to perform an administrative command, such as deleting a namespace, we can use kubectl like this:
Please add support for doing user and group impersonation that leverages the standard k8s mechanisms linked above.
The text was updated successfully, but these errors were encountered: