Veeam Kasten RBAC Dashboard

The Veeam Kasten Role Based Access Control (RBAC) dashboard can be used to setup varying levels of access to Veeam Kasten's dashboard and APIs.

Note

This dashboard can be viewed only if the user is authorized to view Kubernetes namespace-scoped Roles, Role Bindings and/or Cluster Roles and Cluster Role Bindings. Refer RBAC permissions for more information.

User Access

Veeam Kasten allows users to manage Kubernetes access through the Veeam Kasten dashboard. Users can create Role Bindings as well as Cluster Role Bindings by choosing existing or creating new Roles and Cluster Roles.

Note

Bindings are available for subject type Users and Groups. If a Service Account binding is required, use the format system:serviceaccount:<sa_namespace>:<sa_name> in the User field for a single Service Account in a specific namespace. Alternatively, use the format system:serviceaccounts:<sa_name> in the Group field for a Service Account in all namespaces.

Admin Access

To setup administrator access for a user or group, the Veeam Kasten RBAC dashboard can be used to create a Cluster Role Binding. Select the Cluster Role named k10-admin from the drop down. Provide one or more users/groups while configuring the subjects of the Cluster Role Binding.

../_images/rbac_admin_crb.png

Multi Tenant Access

To setup access for users so that they can perform data protection operations, only in their namespaces, the Veeam Kasten RBAC dashboard can be used to create Role Binding(s) in a specific list of namespaces. Select the Cluster Role named k10-basic from the drop down. Provide one or more users/groups while configuring the subjects of the Role Binding.

../_images/rbac_basic_rb.png

Read-Only Access

To setup read-only access for users, the Veeam Kasten RBAC dashboard can be used to create a Cluster Role Binding. Select the Cluster Role named k10-config-view from the drop down. Provide one or more users/groups while configuring the subjects of the Cluster Role Binding.

../_images/rbac_config_crb.png

Customizing Access

To customize access to Veeam Kasten dashboard and APIs, users can create custom Roles and Cluster Roles and create corresponding Role Bindings and Cluster Role Bindings using those Roles and Cluster Roles as well as the default ones deployed when Veeam Kasten is installed.

Note

Veeam Kasten will only display a table of permissions related to Veeam Kasten resources, while creating Roles and Cluster Roles.

Roles

Single or multiple Roles can be created via the Veeam Kasten dashboard.

Roles can be created for multiple namespaces by selecting them from the drop down menu. A separate instance of the Role will be created in each namespace.

Permissions are grouped into three categories: Read (get, list, and watch), Write (create, update, and patch), and Delete (delete). These groups of permissions can be applied to all Veeam Kasten resources, groups of Veeam Kasten resources, or individual Veeam Kasten resources.

../_images/rbac_custom_role.png

Cluster Roles

A Cluster Role can be created by selecting the permissions from the resources table.

../_images/rbac_custom_cluster_role.png

Role Bindings

Single or multiple Role Bindings can be created via the Veeam Kasten dashboard.

If a Role Binding is be created in a namespace, either a Cluster Role or a Role from the corresponding namespace can be selected from the drop down menu. If multiple Role Bindings are to be created, a Cluster Role can be selected from the drop down.

../_images/rbac_custom_rb.png

Cluster Role Bindings

A Cluster Role Binding can be created by choosing a Cluster Role from the drop down. A Cluster Role Binding will give access throughout the entire cluster.

../_images/rbac_custom_crb.png

Note

Veeam Kasten will only display a subset of Roles and Cluster Roles which cover Veeam Kasten APIs while creating Bindings.