Permissions

Namespace permissions are used to control the namespaces that individual users can access in a given cluster.

This configuration is based on the concept of GitOps, so you first need to ensure your git account is connected to your Organization. For more information, refer to the Connecting your Organization to git documentation.

Configuration file

You will need to create a configuration file to define the namespace permissions you require for your Organization. The configuration file should be stored in a git repository that is connected to your Organization.

Configuration file is a yaml file that defines namespace permission configuration. It has the following fields:

username field is username/email
clusterName field is name of the cluster from organization
namespace field is name of the Kubernetes namespace that user can access. Wildcard operator (*) is allowed on namespace level.

Configuration file example

version: v1alpha1
users:
  - username: test-user
    config:
      - clusterName: local-cluster
        namespaces:
          - default
          - dev
      - clusterName: local-cluster-2
        namespaces:
          - '*'
  - username: test-user-2
    config:
      - clusterName: local-cluster
        namespaces:
          - default

Applying the configuration file

Once your configuration file is available in git, go to the Orgs tab in Pipekit and select the Permissions tab.

From here, you can select the repo, branch and specify configuration file location.

Submitting the configuration file will trigger Pipekit to apply the defined permissions and after that moment, only the users that are specified in the configuration file will be able to access namespaces that are specified.

From this point, updating the file in your git repository will trigger Pipekit to update the permissions accordingly.

Last updated 1 year ago