
kubernetes

2023-08-30 21:56 | Source: compiled from the web | Views: 265

I have a cluster with multiple namespaces. Let's call them ns1 and ns2. I also have multiple service accounts, let's call them sa1 and sa2, all in one namespace - sa-ns.

Both users can access all resources within both namespaces, however they cannot list namespaces they are part of. kubectl get ns --as=sa1 returns:

Error from server (Forbidden): namespaces is forbidden: User "sa1" cannot list resource "namespaces" in API group "" at the cluster scope

It works only if I manually specify which namespace I want to list:

kubectl get ns ns1 --as=sa1

```
NAME   STATUS   AGE
ns1    Active   6d6h
```

I need both users sa1 and sa2 to be able to list all namespaces within the cluster they have access to. In this case ns1 and ns2.

This behavior also probably won't allow me to list namespaces and their resources in Lens dashboards. From the namespace list I can list only the namespace sa-ns the users sa1 & sa2 are part of. Dashboards are however empty, as you can see in the image below.


I tried to add namespace the user has in fact access to via ACCESSIBLE NAMESPACES feature in Lens, but it doesn't work either.


I still don't see anything, only blank dashboards.


ServiceAccount:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sa1
  namespace: sa-ns
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sa2
  namespace: sa-ns
```

Role:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: admin-role
  namespace: ns1
rules:
- apiGroups:
  - "*"
  resources:
  - "*"
  verbs:
  - "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: admin-role
  namespace: ns2
rules:
- apiGroups:
  - "*"
  resources:
  - "*"
  verbs:
  - "*"
```

RoleBinding:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: admin-role-binding
  namespace: ns1
roleRef:
  kind: Role
  name: admin-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: sa1
  namespace: sa-ns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: admin-role-binding
  namespace: ns2
roleRef:
  kind: Role
  name: admin-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: sa2
  namespace: sa-ns
```

I tried to use ClusterRole instead of Role but nothing has changed.
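Added example, not part of the original question: a simplified Python model of how the RBAC authorizer evaluates the bindings above, showing why `list namespaces` is denied at cluster scope while `get` on `ns1` is allowed, and why swapping Role for ClusterRole under a RoleBinding changes nothing. It assumes subjects are the full service account usernames, and the `namespace-lister` ClusterRole and its ClusterRoleBindings are hypothetical.

```python
# Simplified model of the RBAC authorizer's decision (added example, not Kubernetes source).
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    subject: str         # service account username: system:serviceaccount:<ns>:<name>
    role: str            # referenced Role or ClusterRole
    namespace: str = ""  # "" = ClusterRoleBinding, otherwise a RoleBinding in that namespace

# Rules as (verbs, resources). "namespace-lister" is a hypothetical ClusterRole.
ROLES = {
    "admin-role": [({"*"}, {"*"})],
    "namespace-lister": [({"get", "list", "watch"}, {"namespaces"})],
}
SA1 = "system:serviceaccount:sa-ns:sa1"
SA2 = "system:serviceaccount:sa-ns:sa2"

# The RoleBindings from the question.
PAGE = [Binding(SA1, "admin-role", "ns1"), Binding(SA2, "admin-role", "ns2")]
# Same, plus cluster-scoped read access to the namespaces resource.
FIXED = PAGE + [Binding(SA1, "namespace-lister"), Binding(SA2, "namespace-lister")]

def authorize(bindings, subject, verb, resource, namespace=""):
    """namespace is the request namespace; "" means cluster scope.
    `get namespaces/ns1` carries namespace "ns1", `list namespaces` carries ""."""
    for b in bindings:
        if b.subject != subject:
            continue
        # A RoleBinding grants only inside its own namespace, whether it
        # references a Role or a ClusterRole.
        if b.namespace and b.namespace != namespace:
            continue
        for verbs, resources in ROLES[b.role]:
            if ({"*", verb} & verbs) and ({"*", resource} & resources):
                return True
    return False

if __name__ == "__main__":
    checks = [
        ("page", PAGE, SA1, "list", "namespaces", ""),
        ("page", PAGE, SA1, "get", "namespaces", "ns1"),
        ("fixed", FIXED, SA1, "list", "namespaces", ""),
        ("fixed", FIXED, SA1, "list", "pods", "ns2"),
    ]
    for label, bindings, who, verb, res, ns in checks:
        verdict = "allow" if authorize(bindings, who, verb, res, ns) else "deny"
        print(f"{label:5} {who} {verb} {res} ns={ns or '<cluster>'}: {verdict}")
```

With a cluster-scoped binding, the list returns every namespace name in the cluster, because RBAC does not filter list results down to the namespaces a subject can otherwise access.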


