cluster-admin permissions seem to be impossible


Hello,

I am having issues with attaching a cluster-admin role to any user in my account.

No matter what I do I cannot get an admin role attached to any user.

Joels-MacBook-Pro:tmp joelmora$ oc create clusterrolebinding registry-controller --clusterrole=cluster-admin --user=jmora@scalyr.com

Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "jmora@scalyr.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched

Joels-MacBook-Pro:tmp joelmora$ oc create clusterrolebinding your-user-cluster-admin-binding --clusterrole=cluster-admin --user=jmora@scalyr.com

Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "jmora@scalyr.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched

Joels-MacBook-Pro:tmp joelmora$ oc create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --serviceaccount=default:cluster-admin

Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "jmora@scalyr.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched

Joels-MacBook-Pro:tmp joelmora$ oc create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --serviceaccount=default:cluster-admin

Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "jmora@scalyr.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched

Responses

Did you ever figure this out? Running into the same problem...

Same thing here with a new install of OKD.

I use for a group:

oc adm policy add-cluster-role-to-group cluster-admin myadmingroup

or a single user:

oc adm policy add-cluster-role-to-user cluster-admin bigfish

I understand it's an old thread, but someone may still get this issue (I just faced it today). This mainly takes place when you are creating the cluster on some other cloud provider's infrastructure (like AWS, GCP) and the infra is not completely managed by you.

In this case the policy may prevent you from working as cluster-admin, and the provider may create a near-admin group with limited administrative access. You may need to find the role which is closest to your requirement.
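An added example (not from any poster in this thread and not OpenShift's own code): a simplified version of the additive RBAC check behind the `no RBAC policy matched` error, reporting which cluster roles bound to a user or their groups grant a given verb on a resource. The JSON is a constructed sample shaped like `oc get clusterroles,clusterrolebindings -o json` output, and every role, group and user name in it is hypothetical.

```python
import json

# Constructed sample, shaped like `oc get clusterroles,clusterrolebindings -o json`.
# All role, group and user names below are hypothetical.
SAMPLE = json.loads('''
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "provider-limited-admin"},
  "rules": [{"apiGroups": ["", "apps"], "resources": ["*"], "verbs": ["*"]},
            {"apiGroups": ["rbac.authorization.k8s.io"],
             "resources": ["clusterrolebindings"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "provider-sre"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "provider-sre"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "customer-admins"},
  "roleRef": {"kind": "ClusterRole", "name": "provider-limited-admin"},
  "subjects": [{"kind": "Group", "name": "customer-admins"}]}
]}
''')

def bound_roles(doc, user, groups):
    """Names of ClusterRoles bound to the user directly or through a group."""
    names = set()
    for item in doc["items"]:
        if item["kind"] != "ClusterRoleBinding":
            continue
        for s in item.get("subjects") or []:
            if (s["kind"] == "User" and s["name"] == user) or \
               (s["kind"] == "Group" and s["name"] in groups):
                names.add(item["roleRef"]["name"])
    return names

def _match(allowed, wanted):
    return "*" in allowed or wanted in allowed

def granting_roles(doc, user, groups, verb, api_group, resource):
    """Bound ClusterRoles allowing the request; an empty list means no policy matched."""
    roles = {i["metadata"]["name"]: i for i in doc["items"] if i["kind"] == "ClusterRole"}
    hits = []
    for name in sorted(bound_roles(doc, user, groups)):
        for rule in roles.get(name, {}).get("rules") or []:
            ok = all(_match(rule.get(k, []), v) for k, v in
                     (("verbs", verb), ("apiGroups", api_group), ("resources", resource)))
            if ok and not rule.get("resourceNames"):  # name-limited rules skipped here
                hits.append(name)
                break
    return hits
```

With the sample data, a member of the hypothetical `customer-admins` group gets an empty result for `create` on `clusterrolebindings`, so no binding command run as that user can succeed; only a subject that already holds a role granting that verb can add the binding.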
