Is your feature request related to a problem? Please describe.
The built-in Azure Kubernetes Service RBAC Reader role does not include port-forwarding capability. In an example scenario, my Entra user is assigned the following permissions (Contributor on Resource Group (inherit) and Azure Kubernetes Service RBAC Reader). When calling:
I'm getting the following problem:
error: error upgrading connection: pods "test-webapp-deployment-5f88fb8988-wwsj9" is forbidden: User "email@goes.here" cannot create resource "pods/portforward" in API group "" in the namespace "xyz": User does not have access to the resource in Azure. Update role assignment to allow access.
Describe the solution you'd like
Would it make sense to include/extend this capability inside of the Azure Kubernetes Service RBAC Reader built-in role?
Describe alternatives you've considered
Adding more permissions fixes the problem. Custom role as well (I'm working on this now).
Additional context
Security concerns are for discussion. We're exposing a certain capability with this proposal.