search
PipekitPricingBlogPipekit StatusRelease Notes

Permissions

Namespace permissions are used to control the namespaces that individual users can access in a given cluster.

circle-info

This configuration is based on the concept of GitOps, so you first need to ensure your git account is connected to your Organization. For more information, refer to the Connecting your Organization to git documentation.

hashtag
Configuration file

You will need to create a configuration file to define the namespace permissions you require for your Organization. The configuration file should be stored in a git repository that is connected to your Organization.

Configuration file is a yaml file that defines namespace permission configuration. It has the following fields:

  • username field is username/email

  • clusterName field is name of the cluster from organization

  • namespace field is name of the Kubernetes namespace that user can access. Wildcard operator (*) is allowed on namespace level.

hashtag
Configuration file example

version: v1alpha1
users:
  - username: test-user
    config:
      - clusterName: local-cluster
        namespaces:
          - default
          - dev
      - clusterName: local-cluster-2
        namespaces:
          - '*'
  - username: test-user-2
    config:
      - clusterName: local-cluster
        namespaces:
          - default

hashtag
Applying the configuration file

Once your configuration file is available in git, go to the Org tab in Pipekitarrow-up-right and select the Permissions tab.

From here, you can select the repo, branch and specify configuration file location.

Submitting the configuration file will trigger Pipekit to apply the defined permissions and after that moment, only the users that are specified in the configuration file will be able to access namespaces that are specified.

From this point, updating the file in your git repository will trigger Pipekit to update the permissions accordingly.

Last updated