Comments (7)
crschnick
commented on June 2, 2024
Oh, I have not considered the case with limited permissions. I think I can work around this without listing nodes in the next update.
But you have any other permissions usually required that you need to query pods, enter shells into containers, etc. or is there any other permissions I also need to think twice about?
from xpipe.
philippe-granet
commented on June 2, 2024
I have this for production namespace (can't enter shells for example):
PS C:\> kubectl auth can-i --list --namespace <namespace>
Resources Non-Resource URLs Resource Names Verbs
poddisruptionbudgets.policy [] [] [get list watch]
configmaps [] [] [list get watch]
endpoints [] [] [list get watch]
events [] [] [list get watch]
namespaces [] [] [list get watch]
persistentvolumeclaims [] [] [list get watch]
pods/attach [] [] [list get watch]
pods/exec [] [] [list get watch]
pods/log [] [] [list get watch]
pods [] [] [list get watch]
podtemplates [] [] [list get watch]
resourcequotas [] [] [list get watch]
serviceaccounts [] [] [list get watch]
services [] [] [list get watch]
deployments.apps/rollback [] [] [list get watch]
deployments.apps/scale [] [] [list get watch]
deployments.apps [] [] [list get watch]
replicasets.apps/scale [] [] [list get watch]
replicasets.apps [] [] [list get watch]
statefulsets.apps/scale [] [] [list get watch]
statefulsets.apps [] [] [list get watch]
horizontalpodautoscalers.autoscaling [] [] [list get watch]
cronjobs.batch [] [] [list get watch]
jobs.batch/status [] [] [list get watch]
jobs.batch [] [] [list get watch]
replicationcontrollers [] [] [list]
daemonsets.apps [] [] [list]
from xpipe.
crschnick
commented on June 2, 2024
So I fixed the issue when nodes could not be listed and that will be released in the next update.
But it's going to be complicated when you don't have permission to enter shells as that kinda removes most of the functionality as you can't open a terminal session or file browser session then. Assuming from the permissions you posted you also can't start, stop, control pods, I don't think there's anything useful that you can do in xpipe with these limited permissions other than listing and checking the status for that cluster.
from xpipe.
philippe-granet
commented on June 2, 2024
Thanks for your fix!
I cant' list nodes on all environements. But on environments other than production, I have permission to enter shells.
from xpipe.
crschnick
commented on June 2, 2024
This is now released. Let me know whether everything works for you now
from xpipe.
philippe-granet
commented on June 2, 2024
@crschnick
I have now this error: cannot list resource "pods" in API group "" at the cluster scope
I can list pod at the namespace scope but not at the cluster scope
from xpipe.
crschnick
commented on June 2, 2024
I guess this error is now more expected, XPipe uses contexts instead of namespaces to access clusters so I think that you would have to list permissions for the context not the namespace. I probably missed that you listed namespace permissions
from xpipe.
Related Issues (20)
- Malwarebytes performance issues
- How to change ssh client to e.g. tabby under windows 11 to get rid of the "too open keyfiles" HOT 6
- XPipe Public Test Builds
- Support of import in .ssh/config file. HOT 7
- Appearance setting plan to have compact or condensed mode HOT 5
- Feature Request: Settings Synchronization Function HOT 2
- Support SSH Jump as gateway? HOT 5
- Specify required dependencies for Linux packages
- XPipe creates new windows instead of tabs HOT 1
- [Feature Request] Disable probing for Root/Sudo HOT 3
- How do I add a dumb terminal launcher HOT 9
- [Feature Request] QNAP Docker support HOT 15
- Clone connection requires 2 edits to successfully clone. HOT 2
- Shell opener fails on Trusnas core (FreeBSD) (sh) HOT 11
- Received the following error while importing a Remote Host HOT 5
- cannot use Hyper as terminal HOT 3
- file upload bug HOT 1
- file manager improvement HOT 4
- Unable to add PFSense HOT 10
- Unable to add Home Assistant HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xpipe.