Skip to main content
  • EN

Hi,

we want our users to create K10 policies in their namespaces. However, when creating policies outside the kasten-io namespace, there is no “Run once” button in the UI and when trying to create a RunAction using kubectl, the following message appears:

“Error from server (BadRequest): error when creating "runaction.yaml": subject must be in K10 namespace”

I was not able to find a hint for this behavior in the docs and was wondering if there is a technical explanation for this and if this will be supported in the future.

 

Kind regards

Policies created in application namespace are application scoped policies. When a Namespace user who doesnt have access to the k10 namespace it gets created in application namespace. 

Just to add to my above comment. Run once policy is applicable for policies in Kasten-io namespace. A basic Namespace use will not have access to create a runaction(cluster scoped) at cluster scope level

Thank you for your answer Satish. I’d like to follow up on this to further understand this:

Is it a general recommendation to create policies only in the kasten-io namespace?

How can I allow users to create policies and restore backups only for their user namespace using RBAC if the policy needs to reside in the kasten-io namespace?

I have edited my first comment . If a basic namespace user creates a policy the policy will be application scope policy , which the user can perform backup and export. They will not have access to runonce becuase that is applicable for policies in Kasten-io namespace.

 

Thanks for the clarification.

This makes it a bit hard for our users to test the policies, if they have to wait for the next scheduled run. Is this something that is intended to be implemented in the future?

Comment


Terms & Conditions