Creating or updating an endpoint Kubernetes namespace inside Aria Automation fails with " cannot create resource namespaces in API group at the cluster scope "
search cancel

Creating or updating an endpoint Kubernetes namespace inside Aria Automation fails with " cannot create resource namespaces in API group at the cluster scope "

book

Article ID: 383534

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Modifying Kubernetes namespaces with Aria Automation can result with CRUD type operations failing.

Symptoms:

  • You have built out a custom pipeline that use's a Kubernetes endpoint to perform Kubernetes tasks
  • Manually performing operations inside your Kubernetes endpoint succeeds for CRUD type operations
  • The API / Kubernetes integration validates Successfully
  • Permissions appear configured correctly for user to access read and write operations on the Kubernetes entities


    You see an error message similar to this example:

Environment

Aria Automation 8.x

Cause

User Management Roles are not defined in scope for the resources being operated on.

Resolution

The following resources are created/ modified as part of K8S Workspace requirements

  • namespace
  • pods
  • deployment
  • service
  • PV
  • PVC
  • secret (registry secret)
  • nodeport
  • load balancer

 

Add the Create, Update, Patch, Read/ View roles for the above resources in your environment 

Additional Information

Please review further requirements as outlined by Kubernetes : https://kubernetes.io/docs/reference/access-authn-authz/rbac/

Powered by Wolken Software