K10 RBAC Dashboard

The K10 Role Based Access Control (RBAC) dashboard can be used to setup varying levels of access to K10's dashboard and APIs.

Note

This dashboard can be viewed only if the user is authorized to view Kubernetes namespace-scoped Roles, Role Bindings and/or Cluster Roles and Cluster Role Bindings. Refer RBAC permissions for more information.

User Access

K10 allows users to manage Kubernetes access through the K10 dashboard. Users can create Role Bindings as well as Cluster Role Bindings by choosing existing or creating new Roles and Cluster Roles.

Note

Bindings are available for subject type Users and Groups. If a Service Account binding is required, use the format system:serviceaccount:<sa_namespace>:<sa_name> in the User field for a single Service Account in a specific namespace. Alternatively, use the format system:serviceaccounts:<sa_name> in the Group field for a Service Account in all namespaces.

Admin Access

To setup administrator access for a user or group, the K10 RBAC dashboard can be used to create a Cluster Role Binding. Select the Cluster Role named k10-admin from the drop down. Provide one or more users/groups while configuring the subjects of the Cluster Role Binding.

../_images/rbac_admin_crb.png

Multi Tenant Access

To setup access for users so that they can perform data protection operations, only in their namespaces, the K10 RBAC dashboard can be used to create Role Binding(s) in a specific list of namespaces. Select the Cluster Role named k10-basic from the drop down. Provide one or more users/groups while configuring the subjects of the Role Binding.

../_images/rbac_basic_rb.png

Read-Only Access

To setup read-only access for users, the K10 RBAC dashboard can be used to create a Cluster Role Binding. Select the Cluster Role named k10-config-view from the drop down. Provide one or more users/groups while configuring the subjects of the Cluster Role Binding.

../_images/rbac_config_crb.png

Customizing Access

To customize access to K10 dashboard and APIs, users can create custom Roles and Cluster Roles and create corresponding Role Bindings and Cluster Role Bindings using those Roles and Cluster Roles as well as the default ones deployed when K10 is installed.

Note

K10 will only display a table of permissions related to K10 resources, while creating Roles and Cluster Roles.

Roles

Single or multiple Roles can be created via the K10 dashboard.

Roles can be created for multiple namespaces by selecting them from the drop down menu. A separate instance of the Role will be created in each namespace.

Permissions are grouped into three categories: Read (get, list, and watch), Write (create, update, and patch), and Delete (delete). These groups of permissions can be applied to all K10 resources, groups of K10 resources, or individual K10 resources.

../_images/rbac_custom_role.png

Cluster Roles

A Cluster Role can be created by selecting the permissions from the resources table.

../_images/rbac_custom_cluster_role.png

Role Bindings

Single or multiple Role Bindings can be created via the K10 dashboard.

If a Role Binding is be created in a namespace, either a Cluster Role or a Role from the corresponding namespace can be selected from the drop down menu. If multiple Role Bindings are to be created, a Cluster Role can be selected from the drop down.

../_images/rbac_custom_rb.png

Cluster Role Bindings

A Cluster Role Binding can be created by choosing a Cluster Role from the drop down. A Cluster Role Binding will give access throughout the entire cluster.

../_images/rbac_custom_crb.png

Note

K10 will only display a subset of Roles and Cluster Roles which cover K10 APIs while creating Bindings.