Version: 1.12.0

Manage RBAC

This topic describes how to assign RBAC roles to users to give them access to cluster resources. RBAC is a method of managing users' access to resources based on their roles in a company.

info

Across our documentation, we refer to the workspace as the slice workspace. The two terms are used interchangeably.

The KubeConfig file contains the token that provides a given user access to the cluster resources.

Assign Roles

You can assign roles to users or groups to grant them micro-level access to a workspace.

note

An admin can edit the default role templates, add new roles, and use them.

To assign a role:

  1. Go to RBAC on the left sidebar.

  2. (Optional) Check the cluster details for each workspace by expanding its menu.

  3. Select a workspace for which you want to assign roles.

  4. Click Assign Roles. Assigning roles is further divided into four steps as described below.

Step 1 - Assign Roles to Workspace

The first step is to assign roles to users and groups for accessing the workspace.

To assign a role to users or groups for accessing the workspace:

  1. On the Step 1 - Assign roles to Workspaces tab, you can select roles.

  2. Under SELECT ROLES, for User/Group, select Service Account from the drop-down list.

  3. For Name, enter the name of the user or group for which you want to assign the role.

  4. For Roles, select roles from the drop-down list to assign them to the user or the group.

  5. Add another user or group to assign roles (if required) by clicking the + (plus) icon.

  6. After assigning roles to the workspace, click Next to assign roles to namespaces.

Step 2 - Assign Roles to Namespaces

The second step is to assign roles to namespaces onboarded onto a workspace. To assign roles to namespaces:

  1. On the Step 2 - Assign to Namespaces tab, you can see that the role in question is not assigned to namespaces.

  2. Under Roles, select the role that you want to assign and click Assign Namespaces.

    You can use the search box to search by Roles, Users, or User Groups. All three options are in the search box's drop-down list.

  3. On the Assign Namespaces to Roles dialog, select the namespace to which you want to assign this role, or select the CHOOSE NAMESPACES checkbox (above all the namespaces) if you want to assign the role to all the namespaces.

  4. Click Save to assign the role to namespaces.

  5. On the Step 2 - Assign to Namespaces tab, verify the list of namespaces assigned with a role by clicking View all for that specific role.

  6. Click Next to apply the YAML file.

Step 3 - Apply YAML

The third step is to apply the YAML file that is autogenerated.

To apply the YAML file:

  1. On the Step 3 - Apply YAML tab, under the Code Preview, verify the configuration.

  2. Click Apply YAML to apply the configuration.

  3. Click Next to finalize all the configuration.

Step 4 - Finalize the Role Assignment

The fourth step is the final step to verify the role assignment.

To verify the role assignment:

  1. On the Step 4 - Finalize tab, verify the role assigned to namespaces.

  2. Click Done. On the RBAC page, the roles assigned to a workspace are displayed.

Download the KubeConfig File

caution

A KubeConfig file can be downloaded when a Service Account is attached to some roles. If you are using User or Group attachments to the roles, then use the IdP-provided configuration to access the worker clusters.

  1. Go to RBAC on the left sidebar.

  2. On the Workspaces page, expand a workspace to get the KubeConfig file of the connected clusters.

    note

    You can only download the KubeConfig file for a workspace that has roles assigned under Roles.

  3. The KubeConfig file is downloadable only if it contains View all under Roles. Otherwise, you must assign a role as explained in Assign Roles.

  4. After logging in to the user portal, the user can download the KubeConfig file from the RBAC page.

Share the KubeConfig File with the User

The downloaded KubeConfig file carries the privileges defined in RBAC. Share this file with the user to grant access to the clusters.

From the User Portal, the user can also download the KubeConfig file from the RBAC page.
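
Before sharing a downloaded KubeConfig file, it helps to confirm which identity its token carries and whether that token expires. The following is an added example, not part of the original documentation or the product's own code; it assumes the token is a Kubernetes service account JWT stored under a `token:` key, and the sample file, namespace, and service account name are constructed.

```python
import base64
import json
import re
import time

def extract_tokens(kubeconfig_text):
    """Return every bearer token stored under a `token:` key."""
    # Line-based match avoids a YAML dependency; the token is a plain scalar.
    found = re.findall(r"^\s*token:\s*(\S+)", kubeconfig_text, re.M)
    return [t.strip("\"'") for t in found]

def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def review_kubeconfig(kubeconfig_text, now=None):
    """Report whose credentials the file carries and when they expire."""
    now = time.time() if now is None else now
    findings = []
    for token in extract_tokens(kubeconfig_text):
        claims = decode_claims(token)
        exp = claims.get("exp")
        findings.append({
            "subject": claims.get("sub"),      # system:serviceaccount:<ns>:<name>
            "expires": exp,
            "non_expiring": exp is None,       # long-lived secret: rotate on offboarding
            "expired": exp is not None and exp <= now,
        })
    return findings

def make_jwt(claims):
    """Build an unsigned, constructed JWT for the sample below (not a real credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2lnbmF0dXJl"

# Constructed sample kubeconfig fragment; names are hypothetical.
SAMPLE_KUBECONFIG = f"""apiVersion: v1
kind: Config
users:
- name: dev-team-sa
  user:
    token: {make_jwt({"sub": "system:serviceaccount:demo-ns:dev-team-sa"})}
"""

if __name__ == "__main__":
    for finding in review_kubeconfig(SAMPLE_KUBECONFIG):
        print(finding)
```

To see the effective permissions the file grants, run `kubectl auth can-i --list --kubeconfig <file> -n <namespace>` against the worker cluster.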