How to change a users cluster-permissions with custom RBAC.
Adding a user to your environment
If you want to give a user access to your cluster, the user first needs to be added to your organisation. Navigate to the permissions section in the AME console and enter the email address of the user you would like to add.
Select a role and press the ‘Add to organisation’ button to confirm. By default, some roles already have clusterRoles assigned to them, as you can see in the table below. However, if you want to give a user with a certain role extra permissions within your cluster, you can do so by adding custom RBAC-rules.
|Role||Kubernetes RBAC clusterRoleBinding|
Adding custom RBAC-rules
Now that the user has been added to your organisation, the user is able to connect to a cluster using kubectl. You can add a custom
clusterRoleBinding resource to assign additional permissions for the user within the cluster.
Customize the example below and apply it with kubectl apply, alternatively you can add it to your git-repository and deploy is using GitOps through Fluxcd or other Continuous deployment tooling continuous deployment.
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: ame:user-admin-accounts roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: <username_of_the_newly_added_user>