Tectonic Console allows you to define Roles used to grant access to system, namespace or cluster-wide resources.
Each Role is composed of a set of rules, which defines the type of resource and access allowed the Role.
From Administration > Roles, click Create Role to open a YAML template, which may be edited to create a new Role.
apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: name: example namespace: default rules: - apiGroups: - '' # empty quotes ('') indicate the core API group resources: - pods verbs: - get - watch - list
Once the Role is created, click its Name in the Roles page, then click Add Rule to open the Create Access Rule page.
From the Create Access Rule page, select:
Type of Access: actions that can be taken on Kubernetes resources are grouped into easy categories.
Tectonic inherits most of the cluster-wide roles from Kubernetes upstream. The default cluster-wide roles in Tectonic are:
|cluster-admin||Super-user access. When used in a ClusterRoleBinding, grants full control over every resource in the cluster and in all namespaces. When used in a RoleBinding, grants full control over every resource in the rolebinding's namespace, including the namespace itself.|
|admin||Full control over all objects in a namespace. Bind this role into a namespace to give administrative control to a user or group. It does not allow write access to resource quota or to the namespace itself.|
|edit||Read/write access to all common objects, either within a namespace or cluster-wide. Does not allow read/write access to roles or rolebindings.|
|view||Read-only access to most objects. Can be used cluster-wide, or within a specific namespace. Does not allow viewing roles, rolebindings, or secrets.|
For more information on these roles, see User-facing Roles in the Kubernetes documentation.
To grant users access to Roles, use a Role Binding.