Manage your Kubernetes cluster access using a role-based approach.
The Container Cluster Management – Cluster Access Control section provides a role-based access control management system for Kubernetes clusters. Use the following procedure to connect to Access Control:
Proceed to the CCM main dashboard. This serves as the central hub for all cluster management activities.
In the dashboard, locate the Cluster table, positioned towards the bottom of the interface. This table lists all the clusters available under your management.
Identify and choose a cluster by selecting the cluster name in the Cluster table. This action will direct you to a detailed view of the selected cluster.
Within the cluster details view, navigate to the Access control tab. Here, you will find options to view and manage Persistent Volumes, Persistent Volume Claims, and Storage Classes associated with the selected cluster.
Access Control
Access control in Kubernetes includes the following sections:
Cluster roles:
A non-namespaced resource. The two resources have different names (Role and ClusterRole) because a Kubernetes object is either namespaced or not. Uses:
Set permissions on namespaced resources within individual namespace(s).
Grant permissions on namespaced resources across all namespaces.
Define permissions on cluster-scoped resources.
Roles:
Always sets permissions within a specified namespace. When creating a Role, the namespace it pertains to must be specified.
Cluster role bindings:
While a RoleBinding provides permissions within a particular namespace, a ClusterRoleBinding offers that access across the entire cluster.
Role bindings:
Grants the permissions as defined in a role to specific users or groups. It contains a list of subjects (users, groups, or service accounts) and references the role that is being granted. Grants permissions within a specified namespace.
Service accounts:
These are Kubernetes resources managed via the Kubernetes API. They are intended for in-cluster entities like Pods to authenticate to the Kubernetes API server or external services.
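How these objects combine into effective access is easiest to see by resolving bindings against roles. The following added example (not part of the original page or of CCM) does this over constructed objects shaped like the Raw JSON from the Kubernetes RBAC API; the function name `effective_grants` and all sample names are assumptions. It reports each subject's scope, marks wildcard rules, and shows that a RoleBinding referencing a ClusterRole grants access only inside the binding's namespace.

```python
import json

# Constructed sample objects, shaped like the Raw JSON returned by the Kubernetes RBAC API.
OBJECTS = json.loads("""[
 {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "ops-all"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"name": "cm-editor", "namespace": "dev"},
  "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "update"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "read-pods", "namespace": "dev"},
  "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
  "subjects": [{"kind": "User", "name": "jane"}]},
 {"kind": "RoleBinding", "metadata": {"name": "edit-cm", "namespace": "dev"},
  "roleRef": {"kind": "Role", "name": "cm-editor"},
  "subjects": [{"kind": "ServiceAccount", "name": "builder", "namespace": "dev"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-everywhere"},
  "roleRef": {"kind": "ClusterRole", "name": "ops-all"},
  "subjects": [{"kind": "Group", "name": "ops"}]}
]""")  # apiGroup fields omitted from roleRef/subjects for brevity

def effective_grants(objects):
    """Resolve every binding to one record per subject: who, where, which role."""
    roles = {}
    for o in objects:
        if o["kind"] in ("Role", "ClusterRole"):
            # Role is namespaced; ClusterRole has no namespace (stored as None).
            key = (o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"])
            roles[key] = o.get("rules") or []
    grants = []
    for b in objects:
        if b["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ns = b["metadata"].get("namespace")  # None for a ClusterRoleBinding
        ref = b["roleRef"]
        # A RoleBinding may reference a ClusterRole; the grant stays inside ns.
        rules = roles.get((ref["kind"], ns if ref["kind"] == "Role" else None, ref["name"]))
        for s in b.get("subjects") or []:
            who = s["name"] if s["kind"] != "ServiceAccount" else f'{s.get("namespace", ns)}/{s["name"]}'
            grants.append({
                "subject": f'{s["kind"]}:{who}',
                "scope": ns if b["kind"] == "RoleBinding" else "cluster-wide",
                "role": f'{ref["kind"]}/{ref["name"]}',
                "dangling": rules is None,  # roleRef points at a role that does not exist
                "wildcard": any("*" in r.get("verbs", []) + r.get("resources", [])
                                for r in rules or []),
            })
    return grants

if __name__ == "__main__":
    for g in effective_grants(OBJECTS):
        print(g)
```

Records with `scope` set to `cluster-wide` and `wildcard` set to true are the ones to review first; a `dangling` record means the binding references a role that is not in the input.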
Cluster roles
On the cluster roles page, you'll find a comprehensive view of all cluster roles for your cluster. The table displays:
Name:
Name of the cluster role.
Age:
The duration since the cluster role was created.
To explore more details about a cluster role, select either the entire row or the View details option.
This will present the cluster role's details in a side panel which includes:
Cluster role name as the panel title, Labels, and Annotations.
Rules:
Displays the Rules table showcasing Resources, Verbs, and API Groups.
Raw JSON:
Contains JSON data from the cluster roles API exposed by Kubernetes.
Roles
The roles page gives an overview of all roles for a particular cluster within a selected namespace. The table displays:
Name:
Name of the role.
Namespace:
The namespace within which the roles are created.
Age:
The duration since the role has been set.
To delve into a role's details, select the row or the View details option. A side panel will display:
Role name as the panel title, Labels, and Annotations.
Rules:
Displays the Rules table showcasing Resources, Verbs, and API Groups.
Raw JSON:
Contains JSON data from the roles API exposed by Kubernetes.
Cluster role bindings
This page presents a view of your cluster's role bindings. The table highlights:
Name:
Name of the cluster role binding.
Role reference:
Role reference for that specific cluster role binding.
Age:
Duration since the cluster role binding has been active.
For a deeper understanding of a cluster role binding, select its row or the View details option. This will bring up a side panel detailing:
Cluster role binding name as the panel title and Labels.
Subject:
Showcases the Subject table with columns such as API Group, Subject kind, and Subject name.
Raw JSON:
Provides JSON data from the cluster role bindings API exposed by Kubernetes.
Role bindings
This section presents all role bindings for a specific cluster within a selected namespace. The table contains:
Name:
Name of the role binding.
Namespace:
The namespace in which the role bindings reside.
Role reference:
Role reference for the specific role binding.
Age:
The duration since the role binding has been set.
Select a role binding's row or the View details option to view its specifics. A side panel will feature:
Role binding name as the panel title and Labels.
Subject:
Details the Subject table columns, including API Group, Subject kind, and Subject name.
Raw JSON:
Contains JSON data from the role bindings API offered by Kubernetes.
Service Accounts
This page showcases all service accounts for a specific cluster within the chosen namespace. The table shows:
Name:
Service account's name.
Age:
The duration the service account has been active.
Select its row or the View details option to examine a service account in detail. A side panel will reveal: