We have multiple Namespaces in our cluster. Admin will have access to all the Namespaces by means of ClusterRole. But, user will be given access to the corresponding namespaces.
Say, user A is given access to namespace B,C & D.
So user A deploys dashboard in Namespace B with service account and RoleBinding. User will be able to see all the applications in Namespaces B. But, How can we give access to this Dashboard so that one dashboard will be listing the 3 Namespaces to see the corresponding applications.
Thanks
In the current version of Kubernetes, it is possible to manage different namespaces by different users. You need to realize how the RBAC works and how to use it to manage multiple Dashboards.
Draft of the concept: You need to create rules, roles and grant permission (cluster-wide and all namespaces) and then do rolebinding. It can be used to grant read access to resources in any particular namespace, or across all namespaces.
For example, here is how to bind user "jane" to the default namespace and user "dave" to the development team. You can provide Dashboard in both namespaces to give individual user access to them.
# This role binding allows "jane" to read pods in the "default" namespace.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pods
namespace: default
subjects:
- kind: User
name: jane # Name is case sensitive
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role #this must be Role or ClusterRole
name: pod-reader # this must match the name of the Role or ClusterRole you wish to bind to
apiGroup: rbac.authorization.k8s.io
# This role binding allows "dave" to read secrets in the "development" namespace.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-secrets
namespace: development # This only grants permissions within the "development" namespace.
subjects:
- kind: User
name: dave # Name is case sensitive
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: secret-reader
apiGroup: rbac.authorization.k8s.io