Efficiently Manage User Permissions with Custom RBAC

Learn how to efficiently manage user permissions by adding new users to your Kubernetes cluster with custom RBAC rules.

To give a user access to your cluster, first add them to your organization. For guidance, see Invite a user to an organization.

Each member can have a default Kubernetes role in addition to an API role. This role applies to all clusters within the organization. If needed, you can set the cluster role to None at the organization level and then assign or override it per environment. You can also remove organization-wide Kubernetes roles for specific environments.

Kubernetes allows adding extra permissions through custom RBAC. Users with the None role can have full custom Kubernetes RBAC applied.

| Role | Kubernetes ClusterRole |
| --- | --- |
| Cluster Admin | cluster-admin |
| Edit | edit |
| View | view |
| None | - |

For more details, see the Kubernetes documentation on default ClusterRoles.

Adding Custom RBAC Rules

Once a user has been added to your organization, they can connect to a Kubernetes cluster using kubectl. You can create a custom ClusterRoleBinding resource to assign additional permissions for the user within the cluster.

Customize the example below and apply it using kubectl apply:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ame:user-admin-accounts
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: <username_of_the_newly_added_user>

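As written, this binding grants the user the cluster-admin ClusterRole across the entire cluster. If the user does not need full administrative access, change roleRef.name to a narrower ClusterRole before applying it.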
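A narrower alternative to a cluster-admin binding, for a user whose organization-level Kubernetes role is None. This is an added example, not Avisi's own configuration; the role name custom:pod-reader and the namespace team-a are hypothetical, and the chosen resources and verbs are only one possible read-only set.

```yaml
# Added example. "custom:pod-reader" and "team-a" are hypothetical names.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: custom:pod-reader
rules:
  # Read-only access to pods and their logs. No secrets, no write verbs.
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
  # Read-only access to the workload objects that own those pods.
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch"]
---
# A RoleBinding (not a ClusterRoleBinding) limits the grant to one namespace,
# even though roleRef points at a ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: custom:pod-reader
  namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: custom:pod-reader
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: <username_of_the_newly_added_user>
```

After applying it, an administrator can confirm the scope with kubectl auth can-i list pods --namespace team-a --as <username_of_the_newly_added_user>, which should answer yes, while the same check for get secrets should answer no.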
