kubernetic icon indicating copy to clipboard operation
kubernetic copied to clipboard
verified publisher icon harbur

What should be the rights to RBAC for restricted read-only access?

Open Fameing opened this issue 7 years ago • 2 comments

Fameing avatar Aug 15 '18 12:08 Fameing

A user with RoleBinding of the "view" ClusterRole should be able to have read-only access to a specific namespace.

In order for the user to be able to enumerate the namespaces (and switch between them) he should have watcher privileges on namespaces (with a ClusterRoleBinding) otherwise you'll need to configure the context with the default namespace so that Kubernetic picks it from there.

dkapanidis avatar Aug 16 '18 12:08 dkapanidis

list , get , watch permissions are needed for RO access to namespace

skob avatar May 14 '19 12:05 skob