Dashboard Access
Once a primary cluster is configured for the Multi-Cluster Manager features can be accessed via the Dashboard.
Multi-Cluster Admins
The Multi-Cluster Manager dashboard will be available at https://<URL to k10 gateway service>/k10/#/clusters for Veeam Kasten exposed externally or http://127.0.0.1:<forwarding port>/k10/#/clusters for Veeam Kasten exposed through kubectl port-forward during install. Refer Dashboard Access for more information.
If a cluster is setup as primary, the dashboard will have a drop-down at top of the navigation sidebar that allows navigation to the Multi-Cluster Manager dashboard.
For users to get admin access to the Multi-Cluster Manager dashboard as well as other Multi-Cluster features, additional role bindings may be required.
The k10-mc-admin
ClusterRole is installed during install/
upgrade. It grants admin users access to Distributions, Clusters, Config,
Secrets and Multi-Cluster RBAC configurations in
the Multi-Cluster namespace.
During joining, Veeam Kasten creates a RoleBinding for a default Group
k10:admins
in the Multi-Cluster namespace. Admin users can be
added to this Group and will be able to use the above k10-mc-admin
ClusterRole.
Note
k10-mc-admin
will be installed under the name <release_name>-mc-admin
.
This ClusterRole is not configurable and is installed with Veeam Kasten.
You can also create role bindings for existing users or service accounts.
To bind the k10-mc-admin
ClusterRole to a User, use the following command
$ kubectl create rolebinding <name> --clusterrole=k10-mc-admin \
--namespace=kasten-io-mc \
--user=<name>
To bind the k10-mc-admin
ClusterRole to a ServiceAccount, use the following
command
$ kubectl create rolebinding <name> --clusterrole=k10-mc-admin \
--namespace=kasten-io-mc \
--serviceaccount=<serviceaccount_namespace>:<serviceaccount_name>
- The complete RBAC reference can be found in the
Multi-Cluster RBAC section.
Admin users might also need to configure additional K10ClusterRoleBindings. The K10ClusterRoleBindings allow users to be granted access to the secondary clusters.
K10ClusterRoleBindings are used for defining who (users/groups) have what access in which clusters. They are resources that can be created in the primary cluster to give users/groups access to all or some secondary clusters.
During joining, Veeam Kasten creates a K10ClusterRoleBinding in the
Multi-Cluster namespace. The default group for this binding is
k10:admins
. Other admin users or groups can be
added to this K10ClusterRoleBinding
via API or via the dashboard, or a
new K10ClusterRoleBinding
can be created.
The complete K10ClusterRoleBinding
reference can be found in the
Multi-Cluster Access section.
Multi-Cluster Users
For users who need access only to certain cluster-level operations but not all the Multi-Cluster Manager configurations, admins can configure users to have limited access control using Veeam Kasten Multi-Cluster RBAC. Refer Multi-Cluster User Access for more information.