Update 00-spectro-k8s-dashboard.md #1161

Merged
merged 16 commits into from
Mar 10, 2023
371 changes: 219 additions & 152 deletions content/docs/04-clusters/06-cluster-management/09-cluster-rbac.md

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions content/docs/06-integrations/00-frp.md
Expand Up @@ -113,7 +113,7 @@ Depending on the type of cluster, the usage guidance varies. Select the tab that
<WarningBox>


Be aware that if this pack is added as a day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes. This will also result in Kubernetes control plane nodes getting repaved.
Be aware that if this pack is added as a Day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes. This will also result in Kubernetes control plane nodes getting repaved.

</WarningBox>
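Review bot: In the changed warning line, "This will also result in Kubernetes control plane nodes getting repaved" has an ambiguous antecedent: it reads as if re-downloading the kubeconfig file triggers the repave, when the intended cause appears to be adding the pack as a Day-2 operation. Suggest naming the cause and putting the disruptive effect first, for example "Adding this pack as a Day-2 operation repaves the Kubernetes control plane nodes, and you must re-download the kubeconfig file afterwards."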

Expand Down Expand Up @@ -152,7 +152,7 @@ tls-san:
<WarningBox>


Be aware that if this pack is added as a day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes.
Be aware that if this pack is added as a Day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes.

</WarningBox>
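Review bot: The warning in this hunk, under the `tls-san:` context, lacks the sentence about control plane nodes being repaved that the otherwise identical warning at line 113 of the same file carries. If the repave also happens in this case, add the sentence here; if it does not, a short clause saying so would stop readers from assuming the two warnings are the same.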

Expand Down Expand Up @@ -229,7 +229,7 @@ Depending on the type of cluster, the usage guidance varies. Select the tab that
<WarningBox>


Be aware that if this pack is added as a day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes. This will also result in Kubernetes control plane nodes getting repaved.
Be aware that if this pack is added as a Day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes. This will also result in Kubernetes control plane nodes getting repaved.

</WarningBox>

Expand Down Expand Up @@ -267,7 +267,7 @@ tls-san:
<WarningBox>


Be aware that if this pack is added as a day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes.
Be aware that if this pack is added as a Day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes.

</WarningBox>

Expand Down Expand Up @@ -336,7 +336,7 @@ Depending on the type of cluster, the usage guidance varies. Select the tab that
<WarningBox>


Be aware that if this pack is added as a day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes. This will also result in Kubernetes control plane nodes getting repaved.
Be aware that if this pack is added as a Day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes. This will also result in Kubernetes control plane nodes getting repaved.

</WarningBox>

Expand Down Expand Up @@ -374,7 +374,7 @@ tls-san:
<WarningBox>


Be aware that if this pack is added as a day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes.
Be aware that if this pack is added as a Day-2 operation, meaning not during the cluster creation process, you will have to re-download the kubeconfig file to pick up the new configuration changes.

</WarningBox>
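Review bot: With this hunk the same Day-2 warning has been edited in six places in 00-frp.md (three copies with the repave sentence, three without), which is how the wording of such copies drifts apart over time. Consider moving the two variants into a shared snippet or component so that a future edit is made once.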

8 changes: 4 additions & 4 deletions content/docs/06-integrations/00-kubernetes-dashboard.md
Expand Up @@ -28,7 +28,7 @@ Palette supports provisioning a [reverse proxy dashboard](/clusters/cluster-mana

</InfoBox>

An version of this pack is available, Spectro Kubernetes Dashboard, which requires no configuration when used with the default settings. To learn more, check out [Spectro Kubernetes Dashboard](/integrations/spectro-k8s-dashboard).
A user-friendly version of this pack is available, Spectro Kubernetes Dashboard, which requires minimal configurations when used with the default settings. To learn more, check out [Spectro Kubernetes Dashboard](/integrations/spectro-k8s-dashboard).

<br />
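Review bot: In the added line, "requires minimal configurations" should be singular ("requires minimal configuration"), and the pack name interrupts the sentence between "is available" and "which requires". Suggest "A user-friendly version of this pack, Spectro Kubernetes Dashboard, is available and requires minimal configuration when used with the default settings."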

Expand Down Expand Up @@ -135,7 +135,7 @@ token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ilg1bTg3RWM4Y1c3NnhkQ3dXbXNDUXQydVpYQklR

* **LoadBalancer Service Type**

Use the LoadBalancer service ip and port to connect to the Dashboard.
Use the LoadBalancer service IP and port to connect to the Dashboard.

# Ingress
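Review bot: The hunk header context shows the documented example output carrying a `token: eyJhbGciOi...` value, which is the start of a JWT. It is not part of this change, but while this section is being touched please confirm the sample is a truncated or revoked token and not a live service account credential, and consider replacing it with an obvious placeholder.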

Expand All @@ -145,9 +145,9 @@ The following steps guide you to configure ingress in the Kubernetes Dashboard p
2. To enable ingress, set the `enabled` parameter to "true".
3. Set ingress rules, such as annotations, path, hosts, and any other rules.

This allows you to access the Kubernetes Dashboard in hostname or ip format using the ip address that the Ingress Controller exposes.
This allows you to access the Kubernetes Dashboard in hostname or IP format using the IP address that the Ingress Controller exposes.

Typically you would point a DNS CNAME record to the ingress controller ip. Talk to your system administrator to learn more about which hostname to use.
Typically you would point a DNS CNAME record to the ingress controller IP. Talk to your system administrator to learn more about which hostname to use.

## Troubleshooting
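Review bot: The changed line "Typically you would point a DNS CNAME record to the ingress controller IP" mixes record types: a CNAME record points to another hostname, while an A (or AAAA) record points to an IP address. Suggest "point a DNS A record to the ingress controller IP, or a CNAME record to its hostname" while this sentence is being edited.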

46 changes: 18 additions & 28 deletions content/docs/06-integrations/00-spectro-k8s-dashboard.md
Expand Up @@ -38,6 +38,10 @@ We recommend using the pack defaults. Default settings provide best practices fo

- Outbound internet connectivity for port 443 is allowed so that you and your applications can connect with the Spectro Cloud reverse proxy.


- Users or groups must be mapped to a Kubernetes RBAC role, either a *Role* or a *ClusterRole*. You can create a custom role through a manifest and use Palette's roleBinding feature to associate the users or groups with the role. Refer to the [Create a Role Binding](/clusters/cluster-management/cluster-rbac#createrolebindings) guide to learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'RoleBinding' instead of 'roleBinding'.



## Parameters

The Spectro Kubernetes Dashboard supports the following parameters.
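Review bot: The added prerequisite names both *Role* and *ClusterRole* but only the roleBinding as the way to associate users or groups with them. A RoleBinding grants access within one namespace, even when it references a ClusterRole, so users who need cluster-wide visibility in the dashboard need a ClusterRoleBinding. Say which binding to use in each case, or state that Palette's feature covers both if it does.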
Expand Down Expand Up @@ -94,11 +98,23 @@ However, if you change **Access** to **Public** and your cluster is in a private

#### Identity Provider

All IDP options below require you to map a set of users or groups to a Kubernetes RBAC role. There are two options you can use to get started the Kubernetes Dashboard and an IDP.

* You can create a custom role by using a manifest file in your cluster profile and specifying the creation of a Role or ClusterRole. You can also specify the roleBinding in the same manifest file.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'RoleBinding' instead of 'roleBinding'.



* Alternatively, you can use the [default Kubernetes cluster roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) that are available and create a roleBinding for a set of users or groups. As an example, you could assign yourself or another user a roleBinding to the role `view` or `cluster-admin`. By assigning yourself or your users one of the default Kubernetes roles, you will be able to view resources in the Kubernetes Dashboard. Use the [Create a Role Binding](/clusters/cluster-management/cluster-rbac#createrolebindings) guide to learn more.
🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'RoleBinding' instead of 'roleBinding'.



![The two options presented above displayed in a diagram](/integrations_spectro-k8s-dashboard_diagram-flow-users.png)

### Selecting Identity Provider

The default setting is **Palette**.

<br />

- **Palette**: No configuration is needed. This setting makes Palette the IDP, so any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to log into the Kubernetes dashboard.
- **Palette**: This setting makes Palette the IDP, so any user with a Palette account in the tenant and the proper permissions to view and access the project's resources can log into the Kubernetes dashboard.


- **Inherit from Organization**: This setting requires you to configure OpenID Connect (OIDC) in Tenant Settings. In Tenant Admin scope, navigate to **Tenant Settings > SSO**, choose **OIDC**, and provide your third-party IDP details. For more information, check out the [SSO Setup](/user-management/saml-sso) guide.
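Review bot: The added bullet on default cluster roles offers `view` and `cluster-admin` as interchangeable examples ("you could assign yourself or another user a roleBinding to the role `view` or `cluster-admin`"), but `cluster-admin` grants full control of the cluster, far more than is needed to "view resources in the Kubernetes Dashboard". Suggest presenting `view` as the recommended starting point and describing `cluster-admin` as an administrator-only choice. Separately, "get started the Kubernetes Dashboard and an IDP" in the first added line is missing "with".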

Expand All @@ -114,35 +130,9 @@ You only need to configure OIDC manually if you change the **Identity Provider**

<Tabs.TabPane tab="Basic OIDC Setup" key="Basic OIDC Setup">


To configure OIDC manually for clusters managed by most cloud providers, follow these steps:

<br />

1. Copy ``oidc-`` configuration lines in the following code snippet and add them to the Kubernetes pack under the ``extraArgs`` parameter section. Enter your third-party provider details in quotes. <br /><br />

```
kubeadmconfig:
apiServer:
extraArgs:
oidc-issuer-url: "provider URL"
oidc-client-id: "client-id"
oidc-groups-claim: "groups"
oidc-username-claim: "email"
```

2. Under the ``clientConfig`` parameter section of Kubernetes pack, uncomment the ``oidc-`` configuration lines, and enter your provider details in quotes. The provider URL and client-id must be the same in the ``extraArgs`` and ``clientConfig`` parameter sections. <br /><br />

```
clientConfig:
oidc-issuer-url: "provider URL"
oidc-client-id: "client-id"
oidc-client-secret: client-secret-value
oidc-extra-scope: profile,email,openid
```

<br />

Follow the steps in the [Use RBAC With OIDC](/clusters/cluster-management/cluster-rbac/#userbacwithoidc) guide.

</Tabs.TabPane>
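Review bot: The replacement link `/clusters/cluster-management/cluster-rbac/#userbacwithoidc` has a slash before the fragment, while the links added elsewhere in this file use `/clusters/cluster-management/cluster-rbac#createrolebindings` without one; pick one form and check that the `#userbacwithoidc` anchor resolves. Since the inline steps no longer appear here, also confirm that the linked guide still states that the provider URL and client-id must be the same in the `extraArgs` and `clientConfig` sections.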

5 changes: 4 additions & 1 deletion vale/styles/Vocab/Internal/accept.txt
Expand Up @@ -81,4 +81,7 @@ https
Vercel
preboot
operationalize
passthrough
passthrough
roleBindings
roleBinding
kubeconfig
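Review bot: Adding `roleBinding` and `roleBindings` to the accepted vocabulary silences the Vale.Terms check that asked for 'RoleBinding' on the new lines in 00-spectro-k8s-dashboard.md, instead of fixing the text. The Kubernetes kind is spelled `RoleBinding`, so prefer correcting the prose and leaving these two entries out; `kubeconfig` is fine to add. The `passthrough` line shows as removed and re-added with no visible change, which usually means the file previously lacked a trailing newline.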