
Anthos kubectl IAM capabilities

I am evaluating Anthos and have the following requirement:

Is it possible to organize users in groups, have the same user in multiple groups, and control at the level of group or user within a group which Kubernetes cluster is accessible for these same groups and users and what is allowed?

Example:

In group1, admin1 can create namespaces.

In group1, user2 cannot create namespaces but can create deployments in specific namespaces already created for him by his admin1, and can only access cluster1,2,3.

In group2, the same user2 can create deployments and policies in other namespaces but only in cluster2,3,4.

 


Once you have set up authentication, you can then use standard Kubernetes role-based access control (RBAC) to authorize authenticated users to interact with your clusters, as well as Identity and Access Management to control access to Google services.

You can define this set of permissions by creating a ClusterRole RBAC resource,

Note that users also need IAM permissions to view clusters in the Google Cloud console.
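
An added example, not part of the original reply: standard Kubernetes RBAC manifests covering the group1 part of the question's scenario. The user e-mail addresses, the `team-a` namespace and the object names are constructed placeholders, and which manifest is applied to which cluster is an assumption about how the per-cluster restriction would be enforced.

```yaml
# Constructed example: all names, namespaces and addresses are placeholders.
# RBAC objects exist per cluster, so cluster scope is set by where each is applied.
# Apply in every cluster where admin1 may create namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: namespace-creator
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["create", "get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin1-namespace-creator
subjects:
- kind: User
  name: admin1@example.com
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: namespace-creator
  apiGroup: rbac.authorization.k8s.io
---
# Apply in cluster1, cluster2 and cluster3 only: Deployments in team-a, no namespace rights.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployment-editor
  namespace: team-a
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: user2-deployment-editor
  namespace: team-a
subjects:
- kind: User
  name: user2@example.com
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: deployment-editor
  apiGroup: rbac.authorization.k8s.io
```

RBAC is additive and has no deny rules, so in a cluster that carries bindings for both group1 and group2 (cluster2 and cluster3 in the question) user2 holds the union of both sets of permissions.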
