Multi-Cluster Access

For users to get access to Multi-Cluster Manager, Multi-Cluster access control can be configured.

Users first need access to clusters joined and available in the Multi-Cluster Manager setup. Refer Multi-Cluster User section for more information.

Configuring Access for Multi-Cluster Users

Veeam Kasten allows users and/or groups to be bound to a list of clusters with pre-defined K10ClusterRoles. This ensures, users and/or groups can be given granular access for individual clusters.

Veeam Kasten will handle any Kubernetes roles or bindings required to facilitate the access control.

Note

Because Veeam Kasten handles access control, authentication domains for users/groups can be different on primary and secondary clusters.

Admin users can add or update K10ClusterRoleBindings in the Multi-Cluster Manager dashboard.

../../_images/rbac_entries.png

K10ClusterRoleBindings

K10ClusterRoleBindings defines users/groups access to clusters.

../../_images/k10ClusterRoleBinding.png

One of the predefined K10ClusterRoles, k10-multi-cluster-admin, k10-multi-cluster-basic or k10-multi-cluster-config-view, can be selected.

Either all clusters or a list of clusters can be selected using name or a selector string.

List of users or groups can be added using fully qualified names.

The complete RBAC reference for K10ClusterRoleBindings can be found in this section.