K10 RBAC Dashboard
The K10 Role Based Access Control (RBAC) dashboard can be used to setup varying levels of access to K10's dashboard and APIs.
This dashboard can be viewed only if the user is authorized to view Kubernetes namespace-scoped Roles, Role Bindings and/or Cluster Roles and Cluster Role Bindings. Refer RBAC permissions for more information.
K10 allows users to manage Kubernetes access through the K10 dashboard. Users can create Role Bindings as well as Cluster Role Bindings by choosing existing or creating new Roles and Cluster Roles.
To setup administrator access for a user or group, the K10 RBAC dashboard
can be used to create a Cluster Role Binding. Select the Cluster Role named
k10-admin from the drop down. Provide one or more users/groups while
configuring the subjects of the Cluster Role Binding.
Multi Tenant Access
To setup access for users so that they can perform data protection
operations, only in their namespaces, the K10 RBAC dashboard can be used to
create Role Binding(s) in a specific list of namespaces. Select the Cluster
k10-basic from the drop down. Provide one or more
users/groups while configuring the subjects of the Role Binding.
To setup read-only access for users, the K10 RBAC dashboard can be used to
create a Cluster Role Binding. Select the Cluster Role named
k10-config-view from the drop down. Provide one or more users/groups
while configuring the subjects of the Cluster Role Binding.
To customize access to K10 dashboard and APIs, users can create custom Roles and Cluster Roles and create corresponding Role Bindings and Cluster Role Bindings using those Roles and Cluster Roles as well as the default ones deployed when K10 is installed.
K10 will only display a table of permissions related to K10 resources, while creating Roles and Cluster Roles.
Single or multiple Roles can be created via the K10 dashboard.
Roles can be created for multiple namespaces by selecting them from the drop down menu. A separate instance of the Role will be created in each namespace.
Permissions are grouped into three categories: Read (get, list, and watch), Write (create, update, and patch), and Delete (delete). These groups of permissions can be applied to all K10 resources, groups of K10 resources, or individual K10 resources.
A Cluster Role can be created by selecting the permissions from the resources table.
Single or multiple Role Bindings can be created via the K10 dashboard.
If a Role Binding is be created in a namespace, either a Cluster Role or a Role from the corresponding namespace can be selected from the drop down menu. If multiple Role Bindings are to be created, a Cluster Role can be selected from the drop down.
Cluster Role Bindings
A Cluster Role Binding can be created by choosing a Cluster Role from the drop down. A Cluster Role Binding will give access throughout the entire cluster.
K10 will only display a subset of Roles and Cluster Roles which cover K10 APIs while creating Bindings.