Self-Service Users Fails to List Pods, Deployments, and Services in UI

Problem

For the PMK v5.11.2, it is observed that the Self-Service users are unable to list Pods, Deployments, and Services in the UI.

The error observed is:

Services is forbidden: User "[Username]" cannot list resource "services" in API group "'' at the cluster scope

Environment

Platform9 Managed Kubernetes - v5.11 and higher.
Component- Self Service Users - UI.

Diagnostic Steps

With the Self-service and Local users having the right RBAC, this issue is identified in PMK-5.11 version.

In the browser, from the PMK UI page, select Inspect Element >> Network Fetch/XHR shows that the affected users have a 403 Forbidden response. The namespace is not getting appended in the list pod api call shown below:

https://[DU_FQDN]/qbert/v4/[TENANT_UUID]/clusters/[CLUSTER_UUID]/api/v1/pods

Whereas for the resources like statefulsets, it is noticed that the namespace and namespace name are getting appended with the api call.

https://[DU-FQDN]/qbert/v4/[TENANT_UUID]/clusters/[CLUSTER_UUID]/k8sapi/apis/apps/v1/namespaces/[NAMESPACE_NAME]/statefulsets

Cause

This has been identified as an issue in PMK v5.11.2 and above versions and is tracked in PMK-6725.

Additional Information

The fix is anticipated to be available in the PMK-v5.15 release. The ETA for this release is not finalised at the moment.

PreviousCluster Deployment Fails Due To Multiple NICS NextHigh Disk Usage on / Filesystem Due to Prometheus Data-Agent WAL Files

Last updated 4 months ago

Good evening

hashtagProblem

hashtagEnvironment

hashtagDiagnostic Steps

hashtagCause

hashtagAdditional Information

Problem

Environment

Diagnostic Steps

Cause

Additional Information