I'm trying to install a helm package on a kubernetes cluster which allegedly has RBAC disabled.
I'm getting a permission error mentioning clusterroles.rbac.authorization.k8s.io
, which is what I'd expect if RBAC was enabled.
Is there a way to check with kubectl
whether RBAC really is disabled?
What I've tried:
kubectl describe nodes --all-namespaces | grep -i rbac
: nothing comes upkubectl describe rbac --all-namespaces | grep -i rbac
: nothing comes upkubectl config get-contexts | grep -i rbac
: nothing comes upk get clusterroles
it says "No resources found", not an error message. So does that mean that RBAC is enabled?kuebctl describe cluster
isn't a thingI'm aware that maybe this is the x-y problem because it's possible the helm package I'm installing is expecting RBAC to be enabled. But still, I'd like to know how to check whether or not it is enabled/disabled.
You can check this by executing the command kubectl api-versions
; if RBAC is enabled you should see the API version .rbac.authorization.k8s.io/v1
.
In AKS, the best way is to check the cluster's resource details at resources.azure.com.
If you can spot "enableRBAC": true
, your cluster has RBAC enabled.
Please note that existing non-RBAC enabled AKS clusters cannot currently be updated for RBAC use. (thanks @DennisAmeling for the clarification)