-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update 00-spectro-k8s-dashboard.md #1161
Conversation
Hi @arvind-sys. Thanks for your PR. I'm waiting for a spectrocloud member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
✅ Deploy Preview for docs-spectrocloud ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 28.1%, saving 115.66 KB.
235 images did not require optimisation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The added flow diagram is helpful.
I noticed that sometimes roleBinding is used and sometimes RoleBinding. I started correcting this to be RoleBinding and thought instead I'd just point it out. You may want to search and correct for consistency.
Other minor corrections are needed.
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Rita Watson <117382432+ritawatson@users.noreply.github.com>
@@ -94,11 +98,23 @@ However, if you change **Access** to **Public** and your cluster is in a private | |||
|
|||
#### Identity Provider | |||
|
|||
All IDP options below require you to map a set of users or groups to a Kubernetes RBAC role. There are two options you can use to get started with the Kubernetes Dashboard and an IDP. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[write-good.ThereIs] Don't start a sentence with 'There are'.
@@ -13,197 +13,264 @@ import PointsOfInterest from 'shared/components/common/PointOfInterest'; | |||
|
|||
# Overview | |||
|
|||
RoleBindings and ClusterRoleBindings are Role-Based Access Control (RBAC) concepts that allow granular control over cluster-wide resources as well as namespaced resources. Palette provides the ability to specify these bindings to configure granular RBAC rules. Palette also can define new namespaces for the cluster and manage (remove, assign quota, assign role bindings, etc.) them. | |||
[*RoleBindings*](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) and *ClusterRoleBindings* are Role-Based Access Control (RBAC) concepts that allow granular control over cluster-wide resources. Palette provides you the ability to specify bindings to configure granular RBAC rules. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'roleBindings' instead of 'RoleBindings'.
verbs: ["get", "watch", "list"] | ||
``` | ||
|
||
- **RoleBinding** associates a subject with a role. A subject can be a user, a group, or a [*ServiceAccount*](https://kubernetes.io/docs/concepts/security/service-accounts/). A RoleBinding is used to grant permissions to a subject. Role and RoleBinding are used to scope a subject to a specific Kubernetes namespace. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'roleBinding' instead of 'RoleBinding'.
verbs: ["get", "watch", "list"] | ||
``` | ||
|
||
- **RoleBinding** associates a subject with a role. A subject can be a user, a group, or a [*ServiceAccount*](https://kubernetes.io/docs/concepts/security/service-accounts/). A RoleBinding is used to grant permissions to a subject. Role and RoleBinding are used to scope a subject to a specific Kubernetes namespace. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'roleBinding' instead of 'RoleBinding'.
|
||
There are many reasons why you may want to create roles and assign permissions to different users or groups. Below are a few common scenarios. | ||
|
||
* Use Role and a RoleBinding to scope security to a single Kubernetes namespace. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'roleBinding' instead of 'RoleBinding'.
There are many reasons why you may want to create roles and assign permissions to different users or groups. Below are a few common scenarios. | ||
|
||
* Use Role and a RoleBinding to scope security to a single Kubernetes namespace. | ||
* Use Role and a RoleBinding to scope security to several Kubernetes namespaces. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'roleBinding' instead of 'RoleBinding'.
</WarningBox> | ||
|
||
|
||
Use the steps below to create a RoleBinding or ClusterRoleBinding for your host clusters. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'roleBinding' instead of 'RoleBinding'.
The RBAC settings view contains two tabs: | ||
|
||
* **Cluster**: Use this tab to create a ClusterRoleBinds. | ||
* **Namespaces**: Use this tab to create a RoleBinding within Kubernetes namespaces. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'roleBinding' instead of 'RoleBinding'.
|
||
<InfoBox> | ||
Palette does not provide a way for roles to be configured natively through its platform. However, you may choose to create roles using a manifest layer in the cluster profile. RBAC management only allows you to specify bindings. | ||
|
||
In Kubernetes, a RoleBinding connects a user or group with a set of permissions called a Role. The Role can be in the same namespace as the RoleBinding. If you want to give a role access to all the namespaces in your cluster, use a ClusterRoleBinding. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'roleBinding' instead of 'RoleBinding'.
|
||
<InfoBox> | ||
A RoleBinding may reference any Role in the same namespace. Alternatively, a RoleBinding can reference a ClusterRole and bind that ClusterRole to the namespace of the RoleBinding. For example, if you want to bind a ClusterRole to all the namespaces in your cluster, you use a ClusterRoleBinding. | ||
|
||
In Kubernetes, a RoleBinding connects a user or group with a set of permissions called a Role. The Role can be in the same namespace as the RoleBinding. If you want to give a role access to all the namespaces in your cluster, use a ClusterRoleBinding. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'roleBinding' instead of 'RoleBinding'.
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 42.9%, saving 127.95 KB.
239 images did not require optimisation. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: arvind-sys, karl-cardenas-coding, ritawatson The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@@ -38,6 +38,10 @@ We recommend using the pack defaults. Default settings provide best practices fo | |||
|
|||
- Outbound internet connectivity for port 443 is allowed so that you and your applications can connect with the Spectro Cloud reverse proxy. | |||
|
|||
|
|||
- Users or groups must be mapped to a Kubernetes RBAC role, either a *Role* or a *ClusterRole*. You can create a custom role through a manifest and use Palette's roleBinding feature to associate the users or groups with the role. Refer to the [Create a Role Binding](/clusters/cluster-management/cluster-rbac#createrolebindings) guide to learn more. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'RoleBinding' instead of 'roleBinding'.
@@ -94,11 +98,23 @@ However, if you change **Access** to **Public** and your cluster is in a private | |||
|
|||
#### Identity Provider | |||
|
|||
All IDP options below require you to map a set of users or groups to a Kubernetes RBAC role. There are two options you can use to get started with the Kubernetes Dashboard and an IDP. | |||
|
|||
* You can create a custom role by using a manifest file in your cluster profile and specifying the creation of a Role or ClusterRole. You can also specify the roleBinding in the same manifest file. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'RoleBinding' instead of 'roleBinding'.
* You can create a custom role by using a manifest file in your cluster profile and specifying the creation of a Role or ClusterRole. You can also specify the roleBinding in the same manifest file. | ||
|
||
|
||
* Alternatively, you can use the [default Kubernetes cluster roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) that are available and create a roleBinding for a set of users or groups. As an example, you could assign yourself or another user a roleBinding to the role `view` or `cluster-admin`. By assigning yourself or your users one of the default Kubernetes roles, you will be able to view resources in the Kubernetes Dashboard. Use the [Create a Role Binding](/clusters/cluster-management/cluster-rbac#createrolebindings) guide to learn more. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'RoleBinding' instead of 'roleBinding'.
* You can create a custom role by using a manifest file in your cluster profile and specifying the creation of a Role or ClusterRole. You can also specify the roleBinding in the same manifest file. | ||
|
||
|
||
* Alternatively, you can use the [default Kubernetes cluster roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) that are available and create a roleBinding for a set of users or groups. As an example, you could assign yourself or another user a roleBinding to the role `view` or `cluster-admin`. By assigning yourself or your users one of the default Kubernetes roles, you will be able to view resources in the Kubernetes Dashboard. Use the [Create a Role Binding](/clusters/cluster-management/cluster-rbac#createrolebindings) guide to learn more. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'RoleBinding' instead of 'roleBinding'.
|
||
Users can configure namespaces and RBAC directly from within a cluster or from a workspace that contains a collection of homogenous clusters that need to be managed as a group. | ||
You can configure namespaces and RBAC from within a cluster or from a [Palette Workspace](/workspace) that contains a collection of like clusters that need to be managed as a group. If a host cluster is part of a Palette workspace, then all roleBindings must occur at the namespace level. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'RoleBindings' instead of 'roleBindings'.
|
||
While configuring the cluster (Cluster Settings) during the cluster creation, the user can select RBAC from the left menu. There are two available options for setting up RBAC: | ||
<Tabs.TabPane tab="Assigne a Namespace Role" key="roleBinding"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'RoleBinding' instead of 'roleBinding'.
Update 00-spectro-k8s-dashboard.md
This PR adds new content to the Kubernetes Dashboard Pack related to RBAC.
💻 Preview